FEATURE : ENTERPRISE RESILIENCE
But despite these concerns for the near future , the same study shows that only 46 % of those leaders believe they are adequately prepared to handle such an incident . There is a significant disconnect between the perceived risk of cyber threats and the level of preparedness among the nation ’ s businesses .
As the digital threat landscape continues to evolve , regional businesses find themselves in a delicate position when it comes to cybersecurity . In this landscape , how can companies become more confident in their ability to defend themselves against modern cyber threats ? The gap between the anticipated risks of cyberattacks and the preparedness of businesses to address them speaks volumes about the current state of cybersecurity in the Middle East and Türkiye .
Among the 53 % of respondents whose organisations experienced a cybersecurity incident in the past year , 77 % estimated the financial impacts to be at least US $ 1 million , while one third , 38 % estimated the loss to be US $ 2 million or more . Financial loss is not the only impact organisations have suffered .
38 % organisations have had to put growth plans on hold in the aftermath of an incident , and 37 % have had to lay off staff because of the financial impact . Other organisations have been subjected to legal action or been forced to pay fines because of incidents .
Ignorance or confidence
This discrepancy is not a question of ignorance but of confidence – or the lack thereof . With 82 % of organisations in the Middle East and Türkiye region reporting a cybersecurity incident in the past year according to data , the threat is very real . And still , less than half of the business leaders surveyed feel they have the necessary defences in place . This points to a critical issue : while awareness is growing , true preparedness remains low .
What stands out from the Cloudflare data is that sectors in the region with higher attack frequencies , such as financial services and IT , report feeling more prepared for future incidents . This is logical ; experience breeds resilience . This confidence also stems from the sectors ’ early adoption of advanced cybersecurity tools and practices , equipping them to handle the evolving threat landscape .
But while the financial services and IT sectors are more prepared for such an incident , others are lagging . Media , telecom , transport , construction and real estate sectors are least prepared , given that they have experienced fewer incidents .
The lower frequency of incidents in healthcare , 49 % is counterintuitive . The industry tends to be a highly targeted sector because it often suffers from a lack of investment and because systems hold vast amounts of sensitive patient data . Given the sensitive nature of the data handled in healthcare , a significant cyberattack could have devastating consequences . And as cyber threats become more sophisticated and frequent , hope is not a strategy .
Just because businesses have been lucky enough to avoid an attack so far , it does not make them immune in the future . And the industries that have yet to face a cyberattack are underprepared .
Data resilience
While once upon a time , it may have been an afterthought , data protection is now an everyday priority for businesses . Beyond regulations like GDPR and NIS2 , the average global cost of a data breach is $ 4.45M . The financial impact can be even worse if production data is compromised , either from a breach or internal error – leading to downtime . For enterprises , downtime costs over $ 1 million per hour , sometimes reaching as much as $ 5 million per hour in some cases .
“ With 37 % of servers experiencing at least one unexpected outage in 2023 , it is a constant struggle . Despite this , more education is needed , as too many misconceptions can leave businesses unprepared ,” says Mohamad Rizk , Senior Regional Director , Middle East and CIS , Veeam Software .
Cloud data backups
Businesses are well accustomed to storing data and workloads on the cloud . Case in point – cloud security breaches have surpassed those occurring on-premises servers . This is not a comment on one being more secure than the other but shows the shift in the balance of power , or data , for the modern organisation .
Despite this , there is still a widespread misunderstanding of the cloud ’ s shared responsibility model . A 2023 study found that 43 % of IT Data Managers incorrectly believe that cloud providers are responsible for protecting and recovering data in the cloud . This is simply not the case . While cloud providers ensure a certain level of resilience and redundancy for the data they host , their primary responsibility is to maintain the availability and integrity of their infrastructure .
This misconception stems from people believing cloud providers care for everything once you migrate . You used to hear the analogy that on-premises is like
42 INTELLIGENTCIO MIDDLE EAST www . intelligentcio . com