92% Saudi firms unsafe to cyberattacks; Accenture study

The study, carried out by the multinational professional services company Accenture has revealed that only 8 percent of organizations in Saudi Arabia are considered as “leaders” in “cyber resilience” compared with 17 percent globally.

The new study that classifies how well firms are prepared to defend themselves against cyberattacks said Saudi Arabia companies are 50 percent less likely compared to their average global peers to be leaders in cybersecurity performance.

With working from home protocols forcing employees to work outside of their companies’ security network, security breaches are on the rise, according to experts.

Accenture’s third “Annual State of Cyber Resilience” study

Accenture Research surveyed 4,644 (including 111 in Saudi Arabia) officials representing organizations with annual revenues of at least $1 billion in 24 industries and 16 countries across North and South America, Europe and Asia Pacific.

Nearly all respondents (98 percent) were the sole or key decision-makers for their organization’s cybersecurity strategy and spending.

“We track year-on-year progress whether it’s positive or negative. We track costs as well. And overall, we track the effectiveness of some of the capabilities that our clients are building,” Ahmed Etman, Accenture Security Lead in the Middle East said.

While Mr. Etman acknowledged that Saudi Arabia’s 8 percent “does not look very positive” in comparison to the global average, he believes the situation in the Kingdom is improving rapidly.

“Working with Saudi clients, we see a lot more investment,” he said. “There is an increase in security spending in the last few years. I think (there is) an increase of 25 percent on cyber resilience in Saudi businesses, which is ahead of everyone else.”

Cyber Security Leader 

For a company to be recognized as a “leader” in the study, it needs to be among the highest performers in at least three of four categories: Stopping attacks; finding breaches quickly; fixing breaches quickly; and reducing the impact of breaches. “Leaders stop four times as many attacks as other groups,” Mr. Etman said, adding that leaders also detected breaches and fixed them much quicker than other groups, which also means that the impact of those breaches is lessened significantly.

The study showed that more than 80 percent of organizations are failing to identify and fix breaches in time to minimize their impact worldwide. Saudi organizations were only 33 percent likely compared to their global counterparts to resolve breaches in 15 days or less.

“The survey findings should be a wake-up call for companies in one of the most critical markets in the region. “There is an enormous opportunity for Saudi businesses to improve their cyber resilience by reducing the time it takes to detect and respond to attacks,” said Mr. Etman.

He also noted that the speed at which technology changes can make it difficult for many organizations to keep up with new threats.

“It takes time to get technology transformation happening. And, at the same time, to realize that this transformation is opening doors for new attacks,” Mr. Etman said, adding that while direct attacks are becoming less common, “what we’re saying is a more sophisticated breed of attacks.”

That might mean attacks targeting weak links in an organization’s supply chain, rather than the organization itself, the Accenture security lead suggested.

“It could be the food company that has a supply chain, an ecosystem of partners that they work with. It could be an e-commerce company that has a supply chain and a lot of data and many places that could be targeted (even though) the actual business itself is well looked after.”

Organizations should absolutely be focusing on “creating more capabilities that would allow them to stop more attacks,” Etman said.

“They should be shaping their investments to shrink these two-time frames — ‘time to detect’ and ‘time to respond’ — which will eventually lead to higher effectiveness.”