The majority (78%) of business leaders in the Middle East and Türkiye (MET) expect to suffer a cybersecurity incident in the next 12 months, but only 46% of organisations feel well prepared to deal with one. 

 

That’s according to new research from leading connectivity cloud company Cloudflare.  

 

Industries and companies most affected are Financial Services (63%) and IT & Technology (61%). Financial loss is not the only impact organisations have suffered. Nearly four out of 10 (38%) organisations have had to put growth plans on hold in the aftermath of an incident, and nearly four in 10 (37%) have had to lay off staff as a result of the financial impact. Other organisations have been subjected to legal action or been forced to pay fines as a result of incidents.

 

Healthcare highly targeted

The lower frequency of incidents in Healthcare (49%) is counterintuitive — the industry tends to be a highly targeted sector because it often suffers from a lack of investment and because systems hold vast amounts of sensitive patient data. In terms of industries, Education and Retail emerged as those least impacted, which is surprising given the high volumes of sensitive data at stake in both. 

 

Medium-sized organisations are revealed to be most vulnerable, with 58% having experienced an incident in the past year. Smaller organisations were less likely to have been affected, with just 39% experiencing an incident in the past year.

 

Businesses in the Business and Professional Services, Energy, Utilities and Natural Resources, Travel, Tourism and Hospitality, and Government industries are most prepared for cyberattacks whereas those in Media and Telecoms and Transport, Construction and Real Estate sectors are least prepared, given that they have experienced fewer incidents. 

 

Financial losses racking up

The financial losses arising from incidents can rack up quickly. Among the 53% of respondents whose organisations experienced a cybersecurity incident in the past year, 77% estimated the financial impacts to be at least $1 million, while one third (38%) estimated the loss to be $2 million or more.

 

The research, conducted with nearly 1,000 business and technology leaders across the Middle East and Türkiye, as part of a larger study which included more than 4,000 enterprises across 13 European markets, showed the following results:

 

Cyberattacks are pervasive, increasing in volume and frequency

●82% of MET organisations have experienced at least one cybersecurity incident in the last 24 months, with most having experienced multiple attacks. 

●Among organisations that were attacked in the past year, 84% reported more incidents compared to previous years. 42% say the volume has increased significantly.

●Among the respondents who reported that their organisation had experienced an incident in the last 12 months, 48% experienced anywhere between 1 and 10 incidents. In fact, more than a quarter (27%) of this group reported between 11 and 30 incidents, while a further 15% experienced between 31 and 60 — a rate of one incident every six to 11 days.

 

MET organisations need to watch out for these attack vectors

●According to the MET’s business and technology leaders, the top three most common types of cyberattack they face are web attacks (69%), malware - defined as viruses, worms, and Trojans - (62%) and phishing (55%). Other common threats are ransomware and spyware (38%), business email compromise (36%), and API attacks (32%).

 

Leadership teams are taking action 

●74% of respondents expect the proportion of their IT budget dedicated to cybersecurity to rise over the next year. Just 9% foresee a decrease, and 16% foresee no change. This is a positive sign, as organisations need to prepare for the increased volume of incidents they predict in the year ahead.

●For most, protecting their networks remains the number one investment area, with nearly 22% of the budget allocated to this pillar on average.

 

A mixed picture of solution deployment

●Encryption is currently organisations’ most deployed solution, with secure web gateways and firewall-as-a-service (FWaaS) not far behind.

●Regarding Secure access service edge (SASE), only 15% have fully implemented this model while 32% have progressed towards implementation. There is cause for optimism though as 70% respondents are now working with a single SASE vendor, which may reduce complexity and help speed up deployment.

●Zero Trust network access is a long way behind, despite widespread recognition of its ability to protect hybrid or remote workers. Over half (57%) say that Zero Trust adoption is still in its early stages. 38% believe that a lack of understanding is the single biggest barrier to adoption.

 

“Organisations across the Middle East and Türkiye are managing an increasingly complex cybersecurity landscape, all while ensuring operational efficiency, regulatory compliance, and uninterrupted productivity. With incidents on the rise in both volume and frequency, this balancing act becomes even more challenging, leaving leaders with a sense of diminishing control over their organisations’ technological and security frameworks,” said Bashar Bashaireh, RVP Middle East and Türkiye at Cloudflare. 

 

“This significant challenge requires innovative solutions capable of integrating diverse technological components into a cohesive and agile framework. The age of siloed legacy infrastructures is giving way to a new model of "any-to-any" cloud platforms, creating catalysts for innovation and growth. By concentrating on strategic integration, any-to-any cloud platforms empower leaders to securely transform technological challenges into competitive advantages. Adopting this approach will help shape a future where connectivity and innovation are at the heart of business success, opening the door to unlimited possibilities,” adds Bashaireh.--TradeArabia News Service