Saudi Arabia mulls cybersecurity budget growth to boost IT capacity
By Puja Sharma
A survey of business representatives conducted by Kaspersky for the IT Security Economics report found that IT budgets for cybersecurity are set to increase over the next three years for both SMBs and enterprises to cover a range of issues. In the Middle East, Turkiye, Africa region, median cybersecurity budgets for enterprises in 2022 were US $7,500,000 with over $18,000,000 allocated for IT in general, while for SMBs the figures stood at $150,000 for IT security and $375,000 for IT in general.
According to business representatives: the TOP-5 factors driving IT security budget increases in organizations in Saudi Arabia are business expansion, the need to boost the level of expertise of IT security specialists, recent cybersecurity incidents, the increasing complexity of IT infrastructure, and increased profits.
Budget increases would also help to counter the IT security issues that organizations currently face. This year, almost two-thirds (61%) of businesses in Saudi Arabia reported problems with data protection to be the most challenging: they experienced loss or exposure of corporate or customer data. Then followed issues with cloud infrastructure adoption (36%), business process outsourcing (43%), high cost of securing complex tech hardware and software (36%), suffering downtime and loss of productivity (29%), and low cybersecurity skills of employees (9%).
“Business continuity is ever depending on information security. Nowadays, when infrastructure becomes more complex and cyberattacks become more sophisticated, businesses are becoming more cyber aware and better understand the need for protecting every asset inside the organization,” said Ivan Vassunov, VP, of Corporate Products at Kaspersky. “State regulations are another important factor influencing the growing budgets for information security. These organizations require businesses to keep their operations and data security. Sometimes regulators tighten rules for the whole vertical market or industry.”
To maximize the efficiency of cybersecurity investments and minimize the risk of any attacks and data breaches for businesses, effective endpoint protection with threat detection and response capabilities should be used.
Despite the widespread belief among Middle East respondents that understanding the cyber threat actors who could be targeting an organization is important (94%), 83% stated that their organizations make most or all of their cyber security decisions without insights into the threat actor that is targeting them.
While the report found that a majority of respondents (91%) in the region were satisfied with the quality of threat intelligence their organization is using, respondents declared that effectively applying that intelligence throughout the security organization is one of their greatest challenges (49%).
According to the report, just over two-thirds (68%) of security decision-makers believe senior leadership teams still underestimate the cyber threat posed to their organizations, with respondents from the Middle East most likely to lack faith in their senior leadership’s knowledge of the cyber threat (68%).
Despite these concerns, however, security decision-makers remain optimistic regarding the effectiveness of their cyber defenses. When asked about confidence in whether their organization is fully prepared to defend itself against different cyber security events, respondents felt most confident in tackling financially motivated threats, such as ransomware, with the majority (96%) at least somewhat confident in defending against this, followed by those conducted by a hacktivist actor (95%) and nation-state actor (91%).
IBSi FinTech Journal
- Most trusted FinTech journal since 1991
- Digital monthly issue
- 60+ pages of research, analysis, interviews, opinions, and rankings
- Global coverage