About 61% of attacks also involve operational technology, Tenable report shows
Dubai: As cybercriminals continue their relentless attacks, 95% of Saudi Arabian organisations have experienced a business-impacting cyberattack in the past 12 months.
According to a study conducted by cyber exposure company Tenable, 85% of respondents in Saudi Arabia have witnessed a dramatic increase in the number of business-impacting cyberattacks over the past two years.
Unfortunately, these attacks had damaging effects, with organisations reporting a loss of customer and/or employee data (41%), ransomware payments (37%) and financial loss or theft (35%).
The report showed that about 61% of the security leaders in Saudi Arabia said that the attacks also involved operational technology (OT).
Only four out of 10 of local security leaders say they can answer the fundamental question, “How secure, or at risk, are we?” with a high level of confidence, despite the prevalence of business-impacting cyberattacks.
Looking at global respondents, fewer than 50% of security leaders said they are framing cybersecurity threats within the context of specific business risk.
For example, though 96% of respondents had developed response strategies to the Covid-19 pandemic, 75% of business and security leaders admitted their response strategies were only “somewhat” aligned.
In the future, Renaud Deraison, Chief Technology Officer and co-founder, Tenable, said that there will be two kinds of CISO – those who align themselves directly with the business and everyone else.
Cybersecurity strategy is essential
The only way to thrive in this era of digital acceleration is to bring cyber into every business question, decision and investment, he said.
“We believe this study shows that forward-leaning organisations view cybersecurity strategy as essential to innovation and that when security and the business work hand-in-glove, the results can be transformational,” he said.
The report showed that organisations with security and business leaders who are aligned in measuring and managing cybersecurity as a strategic business risk deliver demonstrable results are eight times more likely to be highly confident in their ability to report on their organisations’ level of security or risk while 90% are very or completely confident in their ability to demonstrate that cybersecurity investments are positively impacting business performance compared with 55% of their siloed counterparts.