Only 48% of organizations feel confident in their understanding of the cybersecurity threat landscape for their business, according to new research from Rackspace Technology. In addition, only three in five (59%) Middle East businesses feel confident in their ability to respond to incidents today.
Constantly evolving security threats and attack methods, as well as increasing attack opportunities as data volumes, digital operations and remote work continue to grow, are cited by more than half (55%) of the Middle East’s IT leaders as the greatest cybersecurity challenges their organization is currently facing.
In the face of this threat landscape, further concern is raised by the finding that nearly half (44%) of IT decision makers don’t have the capability today to identify security incidents across multicloud environments. When it comes to mitigating threats, only 49% of those surveyed feel confident in addressing them today, and only half feel assured in addressing regulatory compliance.
In relation to data, about half (56%) are currently confident in their ability to protect critical data and warehouses. And when it comes to assessing cybersecurity capabilities and needs on a periodic basis, only two in five (45%) felt comfortable in this area.
The talent and skills gaps
Contributing to or explaining some of the ongoing challenges, more than half (64%) of companies are finding it hard to retain and recruit cybersecurity talent, though a similar proportion (61%) are confident in their internal initiatives in terms of cybersecurity talent retention.
The cybersecurity skills touted as the most important were cloud security (52%) and risk management (50%). Despite its importance, a third (37%) of companies feel the biggest cybersecurity skills gap is in relation to cloud security.
Addressing the cybersecurity gaps with third-party providers
In the face of staffing and skills concerns, more than half of Middle East businesses (62%) rely on in-house staff with some external third-party help. A third (34%) said they use at least six to ten external partners to provide cybersecurity. When looking into the types of cybersecurity partner the businesses engage with, the most sought-after are Managed Security Service Providers (MSSPs) (48%) and System Integrators (45%). The top three areas of cybersecurity most likely to be handled by external partners are around integrated risk (52%), network security (45%) and data security (41%).
When asked to report their companies’ overall level of maturity in cloud security, 34% said they were at intermediate level, having to rely on third-party tools built for cloud security. An additional 27% described themselves as cloud-centric, meaning they use native tooling mixed with third-party tooling.
George Pawlyszyn, Middle East and Africa General Manager at Rackspace Technology, said: “Cybersecurity is one of the most important digital elements for Middle Eastern businesses, but also the trickiest to address. This is particularly true due to the accelerated pace of digital transformation across key sectors. Given the current digital skills gap and ongoing recruitment challenges, it is important that businesses seek further support from third-party partners to help identify and address their weaknesses.
“Factors such as the evolving threat landscape, remote working conditions and talent shortages all feed into the varying security needs from one business to the next. What is increasingly clear is that few businesses have all bases covered – people, processes and technology in place – when it comes to a mature cybersecurity model. Working with a partner that can bring these specialist skills and tailor them to specific requirements is an increasingly popular and effective way to ensure and increase overall confidence in addressing cybersecurity needs.”