On encouraging private sector investment and improving cybersecurity
What are the primary forces driving demand for ICT solutions in the Kuwaiti private sector?
AHMAD MAROUF: The more transparent a corporation is, the more they are able to clearly identify their needs. When companies observe a trend happening and are willing to invest to adopt new practices as part of their business model, they are then willing to work with ICT companies that partner with international technology providers to develop tailored solutions. However, the question is if the company is willing to spend money now to generate returns later. The challenge with decision-making is forecasting how investing in a solution is linked to future profitability. This is something ICT providers need to work on, namely to highlight the link between investments in ICT and profitability.
Some fields receive hefty investments, whereas other areas of development still lag behind. This makes sense, because it is part of human nature to tend to matters when they are urgent. Thus, the industries in the Middle East that have had some exposure to cybersecurity threats tend to invest more in their company’s protection. Additionally, there are certain areas where the market is not yet willing to grow, so only once maturity levels rise in ICT integration will new solutions be perceived as initiatives that add value.
How ready are Kuwait’s domestic companies to engage in ICT investment?
MAROUF: In common with its regional peers, Kuwait is picking up pace in adopting new technologies. Whereas predictive maintenance has been available for some time, momentum has picked up only recently. There is a growing understanding about the high financial and non-financial costs that occur due to interrupted services and functionality, most of which are avoidable. When talking to energy companies, they often do not see the value in adopting new technologies as this would add an irregular cost into the year’s financial statements. However, there are a few who recognise the threat of a sudden loss of production or the importance of gaining a long-lasting edge over their competitors.
Furthermore, corporations that are proactive and seek different technologies sometimes experience changes in management which then stalls implementation plans or changes their interest in ICT investment. Companies operating in the field must not only be familiar with technology and what it does, but also with how to communicate this technology to clients in terms of financial benefits and long-term savings.
Is cybersecurity a risk in Kuwait, and if so, how can the country deal with this issue?
MAROUF: People have the false assumption that cybersecurity in Kuwait and the broader region is not a pressing threat and that countries are safe from attacks. However, when it comes to online security the reality is the exact opposite. As the GCC is a developing region, it is home to a lot of wealth that is not matched with enough investment in cybersecurity. Kuwait is young from a cybersecurity standpoint, but it is definitely picking up pace. The broader region has become a prime target for cyberattacks due to the large amount of wealth and the fact that cybersecurity infrastructure is still under development. However, as Kuwait makes the shift from being a developing economy to a developed nation, people, companies and governments alike are realising the need for cybersecurity.
The oil industry has been more receptive to cybersecurity protection, with this being a legacy of the UK, who lay strong foundations in terms of preventive action. We also receive notifications of threats from the Saudi integrated hydrocarbons company Saudi Aramco, which has alerted all countries in the region about the importance of cybersecurity and the consequences of cyberattacks. There was a point where people did not understand the criticality of cybersecurity but once examples popped up in the oil industry and financial services, awareness grew rapidly.
The current predicament of the financial sector as a result of recent attacks has alarmed people that hackers are targeting financial institutions, which has forced them to invest more into cybersecurity. Increasingly, more industries are listening to see what is happening locally and internationally from a cybersecurity standpoint and are responding when needed. Companies can respond to impending threats with only so much success; at a certain point, more preventive and sustainable measures must be taken, which is considered an international best practice. Additionally, preventative measures are overall less costly and less disasterous than other more impulsive and reactive ones.