Data breaches are expensive at the best of times, but a Gartner report has found that organisations in the Gulf spend 66% more on recovery than the global average.
The report states that organisations in the Gulf should expect to spend US$3.5 million (13.1 million SAR) following a breach. Sam Olyaei, principal research analyst at Gartner, says this is because organisations in the region don’t have enough resources to identify and respond to incidents promptly.
“Usually three to four security analysts are required to detect such attacks in time but in this region there is an average of zero to one,” he said.
There is a clear link between the time it takes to identify a breach and the cost of recovery. The Ponemon Institute estimated that organisations that spot breaches within 100 days save an average of US$1.1 million (4.1 million SAR) per incident.
Most organisations fail to meet that target, but few are as slow to react as those in the Middle East, which take an average of 260 days to identify a breach. By that time, there is very little that an organisation can do to mitigate the damage.
Processes must be overhauled
Gartner’s report should be a further warning to organisations in the Gulf that they need to address cyber security.
Earlier this year, KPMG’s head of cyber security in the lower Gulf, Shadab Nawaz, criticised the region’s approach to cyber security, claiming that organisations’ processes need to be overhauled to account for the growing threat of cyber crime. Although many businesses are adopting smart technology and relying more than ever on the Internet, this hasn’t been matched by innovations to stay secure.
Nawaz says that to combat this, “cyber security needs to be embedded into the very culture of businesses, with strong commitment from the board”.
The best way to do this is to follow the requirements of ISO 27001, the international standard for information security. The Standard instructs organisations to create an ISMS (information security management system), helping them monitor, audit and continually improve their practices in one place.