pixel_dreams - Fotolia

UAE businesses struggle with security breach declaration

UAE firms find difficulty in providing facts on security breaches, while consumers demand to be informed of incidents

Almost half of consumers in the United Arab Emirates (UAE) say their view of a company subjected to a cyber attack would be unfavourable, and more than half say they would stop buying from a compromised company and would take legal action, according to study from security supplier FireEye.

Meanwhile, a report from VMware says UAE businesses are struggling to come clean about data breaches because most IT leaders in the country are covering up information about attacks.

The FireEye study, based on surveys of UAE consumers, makes worrying reading for Middle Eastern businesses that hold consumer data, given the country’s emergence as a regional hub for finance, retail and energy. This status has made UAE businesses enticing targets for cyber criminals, FireEye said in the report.

Richard Turner, president for EMEA (Europe, Middle East and Africa) at FireEye, said the survey findings suggest that cyber attacks could cost businesses more than had previously been thought.

“While the risk to a company’s finances and intellectual property are evident in the event of a breach, this survey highlights the hidden cost of cyber attacks on businesses, with customers less likely to buy from companies with a poor reputation for security, long after the actual incident has taken place,” said Turner.

To make matters worse, a recent report from VMware suggests IT leaders are being incentivised to cover up breaches, and are hiding the details from their own business executives and their customers.

The report, carried out by market research agency Vanson Bourne, said 36% of IT decision-makers in the UAE do not reveal cyber attacks to their senior leadership.

According to the FireEye report, 70% of respondents said they expect organisations that have been breached to inform them immediately in case criminals have gained access to their personal data.

Read more about enterprise IT in the Middle East

The findings of the two reports put UAE business leaders in a tricky position. Consumers expect to be told about company breaches, but after being informed, they are likely to punish a breached company with at least reduced loyalty and at most legal action. Within organisations, IT leaders tend to hold their business leaders responsible for breaches, but fail to release information concerning attacks.

FireEye’s Turner said the findings suggest UAE business leaders should be more proactive when it comes to cyber security for their organisations. He pointed out that if a company can prove itself a secure provider of services or goods, customers may even reward good security with brand loyalty.

“Companies have long viewed data security as a cost, but it is now presenting an opportunity for them to attract a new and growing type of customer who wants assurance that their data is safe when dealing with companies,” he said.

Read more on Data breach incident management and recovery