Cyber Risk in the Middle East – How secure is your firm and its ecosystem?

Cyber-attacks are the unauthorised exploitation of systems, networks and technologies, and they have been a high-risk item on companies' agendas for many years. Cyber security compliance is the tool used to protect against such attacks. The cyber security compliance landscape is complex and evolving. It presents many challenges, along with additional overheads and uncertainty about how to remain cyber security compliant.

In the UAE, the National Electronic Security Authority (“NESA”), the federal authority for the UAE, is charged with strengthening the nation’s cyber security measures. Therefore, NESA Compliance is mandatory for all UAE government entities and other entities identified as critical national services by NESA. In addition, compliance with NESA’s set guidelines is compulsory for all entities and stakeholders who support and deal with critical national information or provide such services.

Following NESA’s lead, the Dubai Financial Services Authority (“DFSA”), the financial regulator of the Dubai International Financial Center (“DIFC”), and the Financial Services Regulatory Authority (“FSRA”), the financial regulator of the Abu Dhabi Global Market (“ADGM”), have put a significant focus on cyber security compliance and they have both implemented a number of thematic and guidance reviews.

DFSA cyber risk thematic reviews

In June 2020, the DFSA published a thematic review report on cyber risk as part of its ongoing objective of identifying the maturity and resilience levels of the cyber security framework of Authorised Firms operating under the DIFC. The review focused on assessing cyber-risk governance frameworks and incident preparedness. The DFSA followed up with another thematic review in early 2022 and has recently provided the results, which included a set of its expectations and best practice examples of cyber risk compliance.

In addition to the two thematic reviews, the DFSA launched a Cyber Threat Intelligence Platform (CTIP), whose primary objective is to facilitate the sharing of information as a community in order to raise awareness among Authorised Firms within the DIFC. Another objective of such sharing is to make Authorised Firms proactive rather than reactive with regard to potential cyber attacks.

ADGM guidance & online tools

In Abu Dhabi, the ADGM published guidance and online tools to assist ADGM registered entities by encouraging them to comply with the ADGM Regulations. The focus within the ADGM leans more towards Data Protection; however, it has also given guidance on cyber security and the FSRA’s expectations.

Whether this is mandatory, as it is under NESA, or provided as guidance, we expect the UAE regulators to continue to focus heavily on cyber security compliance, particularly as other International Regulators have made it a mandatory regulation.

How can Waystone Compliance Solutions help?

Waystone Compliance Solutions leads the way in specialist services in governance, risk, and compliance, including cyber crime prevention as a core service to help companies mitigate these risks. We offer several bespoke cyber security services to meet your needs, including:

  • cyber security governance and resilience assessments
  • cyber security hygiene assessments
  • cyber awareness training for leadership teams and staff
  • policy review and development.

Our independent information security consultancy/advisory team has extensive experience in InfoSec and Data Protection, on both a regional and a global basis. Please contact us for a complimentary initial assessment of your company’s cyber security framework.
