A recent report reveals that 20% of companies in the UAE acknowledge a lack of budget for sufficient cybersecurity measures. Within the last two years, 15% of UAE companies experienced cyber incidents attributed to insufficient investment in cybersecurity, as per a study by Kaspersky. Notably, critical infrastructure, oil and gas, and energy organizations in the Middle East, Turkey, and Africa region accounted for 60% of cyber incidents due to inadequate budget allocation.
Kaspersky’s study, focusing on the perspectives of IT security professionals in SMEs and enterprises globally, examined the human impact on cybersecurity within companies. It considered both internal staff and external contractors, analyzing decision-makers’ influence on cybersecurity, particularly in terms of budget allocation.
Different industries faced varying challenges; for instance, critical infrastructure, energy, and oil and gas organizations in the META region suffered the most cyber breaches due to budget limitations (60%). The telecommunications sector experienced 25% of incidents related to budget constraints, while transport and logistics endured 17%, and financial services companies saw 14% across the region.
Regarding cybersecurity budgets, 76% of UAE respondents indicated preparedness to cope with or stay ahead of emerging threats. However, 20% of companies faced challenges, with 18% citing insufficient funds for proper infrastructure protection. Additionally, 2% reported having no dedicated budget for cybersecurity needs.
Many companies expressed intentions to strengthen their cybersecurity in the next 1-1.5 years. Popular areas for investment include threat detection software (33%) and training, with 47% allocating budgets for cybersecurity education and 42% for general staff training. Other planned measures include introducing endpoint protection software (36%), hiring additional IT professionals (40%), and adopting SaaS cloud solutions (38%).
Ivan Vassunov, Vice President of Corporate Products at Kaspersky, emphasized the need for aligning cybersecurity investments with business strategy and viewing cybersecurity as a business goal. He suggested strategies such as investing in advanced technologies like SASE, XDR, and MDR, emphasizing transparency through C-level dashboards, and considering modern approaches to enhance ROI and incident response.
To optimize cybersecurity budgets, Kaspersky recommends implementing products with advanced anomaly control, using easily-manageable solutions, investing in comprehensive training for all staff, and considering expert assistance.