When KPMG’s inaugural UAE chief information security officer (CISO) survey was launched, little did we expect the challenges the world would face in 2020.

The pandemic has forced organizations to rapidly adapt to new ways of working, while simultaneously aiming to ensure adequate security measures are in place. Businesses – particularly their technology-related functions – are grappling with rapid implementation of remote access solutions, collaboration tools and cloud-based services.


Partner & Head of Cyber Security

KPMG Lower Gulf


Coinciding with this vast operational shift is a five-fold increase in cyberattacks. Perpetrators have quickly begun to exploit new vulnerabilities – both technical and human in nature – laid bare by the pandemic. UAE-based organizations’ cybersecurity strategies are being put to the test by new threats and a dizzying array of vulnerabilities not previously considered by CISOs.

As organizations adjust to this new reality, agility is an important factor. Each organization is only as secure as its employees, applications, or third parties, and must pivot accordingly.

Based on KPMG’s experience and input from local CISOs, we have highlighted key cybersecurity-related challenges faced across sectors within this publication.

Fending off threats

A majority of chief information security officers (CISOs) we surveyed in the United Arab Emirates (UAE) believe cyber criminals to be one of the biggest risks they currently face. 2020 has seen a significant increase in phishing and ransomware attacks, as described in our recently released report on the ongoing 2020 ransomware campaigns. Indeed, 88% of CISOs see phishing as one of the biggest cyberattack threats.

CISOs are not the only members of the C-suite to be concerned about cybersecurity. More than a third of those surveyed (39%) stated that minimizing the impact of a cyberattack on the availability of customer or citizen services is a concern for their organization’s board. Indeed, according to the research, cybersecurity spending has increased in recent years and CISOs predict the trend will continue. As adoption of new technologies and digital platforms accelerates, so too will the cyber threat.

As the digitalization race becomes a marathon, the UAE continues to take steps to adopt appropriate legislation and regulations with respect to cybersecurity and data protection. The objective of these regulations and legislation is to protect citizens as well as organizations operating in the country, often building on international best practice, such as the General Data Protection Regulation (GDPR).

These regulatory changes have prompted a shift in many companies’ information security agendas. In fact, nearly half of respondents stated their security posture had improved due to the advent of new cybersecurity laws.