Christian Reilly, Field CTO EMEA, Cloudflare, tells us that while businesses in the Middle East and Türkiye are expecting a rise in cyberthreats, many are still inadequately prepared to defend against severe breaches.
It’s no secret that cyberattacks are becoming increasingly sophisticated, while simultaneously growing in number and volume. And this worrying trend is only expected to rise. In fact, Cloudflare’s own research shows that a staggering 78% of business leaders in the Middle East and Türkiye (MET) region expect their organisations to be hit by a cyberattack within the next year.
But, despite these concerns for the near future, the same study shows that only 46% of those leaders believe they are adequately prepared to handle such an incident. Clearly, there is a significant disconnect between the perceived risk of cyberthreats and the level of preparedness among the nation’s businesses.
So, as the digital threat landscape continues to evolve, regional businesses find themselves in an increasingly delicate position when it comes to cybersecurity. The growing number of incidents facing modern companies is well documented in today’s headlines, leaving organisations in no doubt that this is a serious issue that every business should have near the top of their agendas.
In this landscape, how can companies become more confident in their ability to defend themselves against modern cyberthreats?
Rising cyberthreats: a reality for businesses in the Middle East and Türkiye
The gap between the anticipated risks of cyberattacks and the preparedness of businesses to address them speaks volumes about the current state of cybersecurity in the Middle East and Türkiye.
This discrepancy isn’t a question of ignorance but of confidence – or the lack thereof. With 82% of organisations in the MET region reporting a cybersecurity incident in the past year according to our data, the threat is very real. And still, less than half of the business leaders surveyed feel they have the necessary defences in place. This points to a critical issue: while awareness is growing, true preparedness remains worryingly low.
That’s despite the real-life ramifications that can be expected when a business suffers a breach.
Cost of a breach is more than just financial
Not only could an incident have serious consequences for the business itself, but it could also have a negative impact on your employees and customers. Whether it’s financial losses, regulatory penalties or reputational damage, the stakes are high when it comes to having a lack of robust defense mechanisms.
The financial losses arising from incidents can rack up quickly. Among the 53% of respondents whose organisations experienced a cybersecurity incident in the past year, 77% estimated the financial impacts to be at least US$1 million, while one third (38%) estimated the loss to be US$2 million or more.
Financial loss is not the only impact organisations have suffered. 38% organisations have had to put growth plans on hold in the aftermath of an incident, and 37% have had to lay off staff as a result of the financial impact. Other organisations have been subjected to legal action or been forced to pay fines as a result of incidents.
Learning from experience
What stands out from the Cloudflare data is that sectors in the region with higher attack frequencies, such as financial services and IT, report feeling more prepared for future incidents. This is logical – experience breeds resilience. This confidence also likely stems from the sectors’ early adoption of advanced cybersecurity tools and practices, equipping them to handle the evolving threat landscape.
SolarWinds is a great example of a business that took significant steps to overhaul its security practices after a breach – and come out stronger. The company enhanced its software development process with its Secure by Design principle, adopted a Zero Trust architecture, and increased transparency by openly communicating with customers and regulators. SolarWinds also collaborated with cybersecurity experts to continuously improve their defences, while contributing to industry-wide efforts to bolster software supply chain security. These actions helped the company recover, educate the wider sector and become more resilient against future cyberthreats.
But while the financial services and IT sectors are more prepared for such an incident, others are lagging behind. Media and telecoms and transport, construction and real estate sectors are least prepared, given that they have experienced fewer incidents. The lower frequency of incidents in healthcare (49%) is counterintuitive – the industry tends to be a highly targeted sector because it often suffers from a lack of investment and because systems hold vast amounts of sensitive patient data. Given the sensitive nature of the data handled in healthcare, a significant cyberattack could have devastating consequences. And as cyberthreats become more sophisticated and frequent, hope is not a strategy.
Just because businesses have been lucky enough to avoid an attack so far, it doesn’t make them immune in the future. And the industries that have yet to face a cyberattack are worryingly underprepared.
Cybersecurity as a catalyst for business modernisation
Despite the challenges posed by the growing threat of cyberattacks, there is a positive shift in how business leaders are approaching cybersecurity. Our research shows that 74% of respondents expect the proportion of their IT budget dedicated to cybersecurity to rise over the next year. This is a positive sign, as organisations need to prepare for the increased volume of incidents they predict in the year ahead. For most, protecting their networks remains the number one investment area, with nearly 22% of the budget allocated to this pillar on average.
This evolving perspective is encouraging, as it suggests organisations are recognising the strategic value of strong cybersecurity measures. It highlights a recognition that robust defences can offer more than just protection – driving innovation, streamlining operations and enhancing overall efficiency, as well as offering opportunities for operational improvements and data protection. This forward-thinking approach turns cybersecurity from a defensive necessity into a strategic advantage.
By embedding cybersecurity into top-level decision-making rather than treating it as an afterthought, businesses are positioning themselves to thrive in an increasingly digital world.
The need for proactive cybersecurity measures
In an era where digital risks are evolving rapidly, businesses must invest not just in advanced technologies but in fostering a culture where cybersecurity is treated as a strategic priority. Simplified, consolidated solutions are key, but without the right mindset and a commitment to continuous improvement across the whole organisation, they will fall short.
Every company, regardless of its industry, must recognise the evolving threat landscape and take proactive steps to mitigate the risks. It’s time for every business to acknowledge that preparedness is more than just a checklist; it’s a mission-critical element of modern business strategy. Instead of being a reactive measure dusted off after a breach occurs, cybersecurity should be considered a proactive, central part of every organisation’s future-proofing plan. Businesses in the Middle East & Türkiye are waking up to the reality of cyberthreats – now they must ensure they are ready to face them head-on.