Russia’s invasion of Ukraine in February 2022 caused disruptions across the global economy, prompting an increase in the number and sophistication of cyberattacks. According to a poll of 800 chief audit executives by the UK-based Chartered Institute of Internal Auditors, 77% of respondents thought the war in Ukraine had elevated cybersecurity and data-security risks. Senior cybersecurity analysts have said the invasion has been accompanied by a sustained cyber-conflict, with a large number of attacks and threats launched since the start of the war.
Pandemic Cyberthreats
The increased threat of cyberattacks builds on the already heightened cybersecurity environment triggered by the Covid-19 pandemic. As financial transactions have increasingly migrated online since the outbreak of the pandemic, businesses have become targets for hackers. According to a 2022 report from security vendor SonicWall, ransomware attacks were up 105% in 2021, including a 1885% increase in attacks on government agencies, with health care (755%), education (152%) and retail (21%) entities also seeing a notable rise in breaches.
Indeed, the adoption of digital solutions during the pandemic increased cyberthreats to the education sector and emerging markets with large digital industries, a threat that continued into 2023. In June 2022 hackers claimed to have stolen 20 GB of sensitive data – including credit card data – from the Marriott hotel chain. Additionally, a ransomware attack against the Costa Rican government in April 2022 so thoroughly disrupted financial operations in the country that it led to the declaration of a national emergency, a first for such an attack. In September 2022 Uber’s internal systems were compromised when a hacker obtained an employee’s credentials.
Cryptocurrencies have provided similarly fertile ground for hackers around the world. With cyberattacks on the rise in recent years, several emerging markets have taken steps to bolster security, although concerns remain. “The 2022 State of Email Security” report published by UK-headquartered IT security firm Mimecast found that six in 10 Saudi companies saw an increase in the number of emailbased threats during the previous year. In another survey conducted by the firm in 2022, 68% of the 400 IT decision-makers in the Kingdom and the UAE surveyed have had to postpone digital transformation initiatives in response to cybersecurity concerns. As businesses go digital, attackers have more scope to target and compromise their systems.
MENA Impact
The value of the Middle East’s cybersecurity market is projected to grow from $20.3bn in 2022 to $44.7bn in 2028. This is partly a reflection of the risks, as IBM’s annual “Cost of a Data Breach Report” published in July 2022 found that the global average cost of a data breach was $4.4m for the companies, an all-time high. According to the report, 60% of the organisations studied had to raise prices for goods and services due to data breaches.
Smaller businesses with fewer resources to invest in cybersecurity mechanisms and tools face distinct online risks. For example, small businesses in Bahrain witnessed a 348% rise in cyberattacks during the first quarter of 2022 compared to the same period in 2021, according to Russian cybersecurity firm Kaspersky, which detected nearly 45,300 breaches in the first three months of 2022. To keep pace with the emerging opportunities and threats, in early 2022 Bahrain launched the Telecommunications, ICT and Digital Economy Sector Strategy 2022-26, which includes such objectives as developing cybersecurity standards and enhancing the country’s capacity to monitor and respond to cyberattacks, as well as conducting cybersecurity training for at least 20,000 citizens.
Meanwhile, in June 2022 Bahrain’s Telecommunications Regulatory Authority launched the Telecommunications Emergency Response Plan. Designed in collaboration with other stakeholders, the plan lays out a coordinated sector-wide response to ICT-related issues. By bolstering the country’s cybersecurity measures, the roadmap seeks to ensure business continuity in sectors like health, education and energy.
Regional Recognition
Saudi Arabia was second overall in the cybersecurity index in the Switzerland-based International Institute for Management Development’s World Competitiveness Yearbook 2022. The ranking was recognition of the “Saudi model in cybersecurity”, as the Kingdom is developing its cybersecurity capacity and workforce through initiatives like the Saudi Cybersecurity Higher Education Framework, which aims to develop quality academic programmes in cybersecurity. It has also implemented the Saudi Cybersecurity Workforce Framework.
The most recent edition of the International Telecommunication Union’s Global Cybersecurity Index from 2020 ranked Oman 21st in the world, with the union giving it the maximum 20 points in the categories of legal measures, technical measures and organisational measures. Among its GCC peers, Oman ranked third, trailing Saudi Arabia and the UAE.
Global Responses
Nigeria has taken notable steps to improve its cybersecurity. In June 2022 the government announced the creation of cybersecurity toolkits for more than 41m micro-, small and medium-sized enterprises. In June 2022 Kenya announced that it was planning to create strategies that would protect the country’s developing digital ecosystem.
The same month international media reported that the US and the EU were developing plans to fund secure digital infrastructure in developing countries. The proposal marks the first time the US and the EU plan to work together to fund and protect other countries’ critical infrastructure from cyberattacks. The initial projects under the agreement are slated to take place in Africa and Latin America.
Some regions tend to be at greater risk of a cyberattack than others. According to the Cyber Risk Index for the first half of 2022 – developed by Japanese multinational cybersecurity software company Trend Micro in partnership with the Ponemon Institute – North America had the highest level of risk, followed by Asia-Pacific, Latin and South America, and Europe (Africa was not included in the report). However, Asia-Pacific topped the list when it came to its preparedness for dealing with cyberattacks, followed by North America, Latin and South America, and Europe. The report also found that more than 80% of respondents in all regions believed they were very likely to be compromised in the next 12 months.
As countries around the world take stock of the risks and damages associated with cybercrime, it is expected that the rise in attacks may lead to greater demand for innovative solutions such as cyberinsurance. According to Vantage Market Research, the global market for cyberinsurance is projected to reach $28.5bn by 2028, up from $7.5bn in 2021.
Read More from OBG
