Economic Update

Published 01 Mar 2023

– Cyberattacks remain top of mind for global business and political leaders

– Business disruption and reputational damage are key concerns

– GCC countries are actively cooperating in the cybersecurity domain

– Regional governments and businesses are looking to cultivate local talent

With global geopolitical instability elevating the threat of cyberattacks against businesses and government agencies, the six countries of the GCC are rapidly building more robust and comprehensive cybersecurity strategies to respond to the evolving nature of cyberthreats.

In a January 2023 survey of 117 global leaders from 32 countries and 22 industries, 91% of respondents believed that a far-reaching, catastrophic cyber-event was at least somewhat likely in the next two years, while 43% believed that a cyberattack would materially affect their organisations. The findings were published by the World Economic Forum (WEF) in its “Global Cybersecurity Outlook 2023”, produced in collaboration with Accenture.

Cyber-resilience in the GCC

Since experiencing their first major cyberattacks in the early 2010s, GCC countries have looked at ways to bolster their cybersecurity by increasing cyber-resilience and upgrading capacity.

However, Russia’s invasion of Ukraine in early 2022, which saw an increase in the number and sophistication of global attacks, has prompted more urgent action.

Some GCC countries have already forged strong cybersecurity defences, according to the Portulans Institute’s “Network Readiness Index 2022”, which ranks countries using a host of metrics related to digital transformation. In terms of cybersecurity, Saudi Arabia ranked second globally behind the US, while the UAE ranked eighth, Oman 28th, Qatar 34th, Bahrain 68th and Kuwait 73rd.

While these rankings suggest that the GCC is in a relatively strong position, the average cost of cyberattacks is also higher in the region, with a data breach costing $6.93m per incident, above the global average of $4.24m, according to Mohamed Al Kuwaiti, managing director of the National Data Centre under the UAE’s Supreme Council for National Security.

Al Kuwaiti made this claim in December in Bahrain, which hosted the first Arab International Cybersecurity Summit, a platform for the global industry to gain entry to the region’s emerging cybersecurity sector.

Given the size and scope of the challenge, the GCC has embraced political and technical cooperation. In October the GCC Ministerial Committee for Cybersecurity held its first meeting in Riyadh at the headquarters of the GCC Secretariat General, with the heads of cybersecurity from all six countries in attendance.

The meeting covered matters of mutual interest and ended with plans to implement joint cybersecurity exercises to bolster the exchange of information and expertise and to develop the sector across the region.

Threats to digital economies

The changing nature of cyberthreats is prompting a holistic reassessment of strategy and approaches to cybersecurity. A key takeaway from the WEF’s outlook is that respondents believe that cyberattacks are more likely to focus on causing business disruption and reputational damage going forwards.

GCC countries have long-term plans to diversify their economies away from extractive industries towards technology and innovation and have already invested in a raft of technological advancements in artificial intelligence (AI), data and cloud computing. These plans not only underscore the need for robust cybersecurity, but also require a more holistic approach to protecting data-driven networks.

“As data is increasingly distributed in wide networks, clients are only as secure as their vendors; as a result, cybersecurity should put the focus on the integrity of the network, which requires both cybersecurity firms and regulators to establish mechanisms that allow for the protection of data on the side of clients, vendors and partners,” Mirza Asrar Baig, CEO and founder of CTM360, a Bahraini digital risk-protection company, told OBG.

Meanwhile, momentum to expand the GCC’s international reach in cybersecurity and ICT continues apace.

In November 2022 Saudi Arabia’s National Cybersecurity Authority (NCA) hosted the Global Cybersecurity Forum – first held in 2020 – to address the macroeconomic, geopolitical and strategic considerations shaping global cybersecurity.

Last year the NCA launched the National Portal for Cyber Security Services (HASEEN), a body that aims to develop and manage cyber-services, support communication mechanisms and enhance cybersecurity capacities. All government agencies have access to HASEEN, which the NCA plans to use to conduct 7000 cybersecurity assessments in 2023.

In October Dubai’s Gitex Global 2022 brought together 10,000 programmers and developers from various international technology companies including US tech giant Microsoft and 26 of its partners, which introduced a slew of new technologies for cloud computing, mixed-reality experiences, AI and cybersecurity.

Last month, Saudi Arabia’s Ministry of Communications and Information Technology also held the second annual LEAP tech conference, which produced a host of partnerships and over $16bn in investment, in line with Saudi Vision 2030 digitalisation goals.

“There is potential in the region to turn the local landscape, which is dominated by systems integrators, into one with IT companies driven by local talent and developing proprietary solutions with a global reach, in cybersecurity and other areas,” Baig told OBG. “One of the key challenges in recruiting IT specialists in the region is finding those eager to build new solutions from the ground up and who understand that regional talent can deliver innovation, rather than replicating models applied elsewhere.”

Local capacity building

Ambitions to strengthen cybersecurity in the GCC will require training initiatives to build local human capacity.

In August 2022 the NCA launched the CyberIC programme to develop national capabilities and localise technology development in cybersecurity. The programme is slated to increase the number cybersecurity start-ups by assisting more than 60 national companies, 40 through the cybersecurity accelerator programme and 20 through the cybersecurity challenge.

Earlier last year Saudi Arabia also established Wamda, an initiative to foster the leadership skills of female Saudi cybersecurity specialists.

Meanwhile, Dubai Cyber Innovation Park held its second Cybersecurity Bootcamp in February 2023 to train a specialised and qualified cybersecurity workforce from a pool of new graduates and others looking to build a career in the field.

Bahrain’s labour fund Tamkeen is following suit by graduating the first cohort from its eight-month Cyber Security Training Programme conducted in partnership with SANS Institute, a cybersecurity training and education provider. Graduates are expected to address the needs of government organisations and private sector companies at the local and international level.