With global geopolitical instability elevating the threat of cyberattacks against businesses and government agencies alike, the GCC is rapidly developing more robust and comprehensive cybersecurity strategies to respond to the evolving nature of such threats.

Since experiencing their first major cyberattacks in the early 2010s, the six members of the GCC have looked at ways to bolster their cybersecurity by increasing their resilience and upgrading capacity. However, Russia’s invasion of Ukraine in early 2022 – which saw an increase in the number and sophistication of global attacks – has prompted more urgent action.

The Portulans Institute’s Network Readiness Index 2022, which ranks countries using metrics related to digital transformation, ranked Saudi Arabia second globally on cybersecurity, behind the US. The UAE placed eighth, while Oman ranked 28th, Qatar 34th, Bahrain 68th and Kuwait 73rd. While this suggests the GCC is in a relatively strong position, the average cost of cyberattacks in the region – $6.9m per incident – is higher than the global figure of $4.2m, according to Mohamed Al Kuwaiti, managing director of the National Data Centre under the UAE’s Supreme Council for National Security.

Given the size and scope of the challenge, the GCC has embraced political and technical cooperation. In October 2022 the GCC Ministerial Committee for Cybersecurity held its first meeting in Riyadh at the GCC Secretariat General headquarters, with the heads of cybersecurity from all six countries in attendance. The meeting covered matters of mutual interest and ended with plans to implement joint cybersecurity exercises to bolster the exchange of information and expertise.

Threats to Digital Economies

The changing nature of cyberthreats is prompting a holistic reassessment of strategies and approaches to cybersecurity. GCC countries have long-term plans to diversify away from extractive industries towards technology and innovation, and have already invested in a raft of technological advancements in artificial intelligence, data and cloud computing. This not only underscores the need for more robust cybersecurity, but also requires a more holistic approach to protecting data.

“As data is increasingly distributed in wide networks, clients are only as secure as their vendors; as a result, cybersecurity should put the focus on the integrity of the network, which requires both cybersecurity firms and regulators to establish mechanisms that allow for the protection of data among clients, vendors and partners,” Mirza Asrar Baig, CEO and founder of CTM360, a Bahraini digital risk-protection firm, told OBG.

Local Capacity Building

Ambitions to strengthen cybersecurity in the GCC will require training initiatives to build local human capacity. “One of the key challenges in recruiting IT specialists in the region is finding those eager to build new solutions from the ground up, and who understand that regional talent can deliver innovation, rather than replicating models applied elsewhere,” Baig told OBG.

In August 2022 Saudi Arabia’s National Cybersecurity Authority launched the CyberIC programme to develop national capabilities and localise technology development in cybersecurity. The programme is slated to increase the number of cybersecurity start-ups by assisting more than 60 companies. Earlier that year Saudi Arabia established Wamda, an initiative to foster the leadership skills of female cybersecurity specialists.

Meanwhile, Dubai Cyber Innovation Park held its second Cybersecurity Bootcamp in February 2023 to train a specialised and qualified cybersecurity workforce from a pool of new graduates and those looking to build a career in the field. That same month Tamkeen, Bahrain’s semi-autonomous public agency charged with developing the private sector, graduated the first cohort from its eight-month Cybersecurity Training Programme conducted in partnership with SANS Institute, a cybersecurity training and education provider.