Cyber Risk in the Middle East – How secure is your firm and its ecosystem?
In the UAE, the National Electronic Security Authority (“NESA”), the federal authority for the UAE, is charged with strengthening the nation’s cyber security measures. Therefore, NESA Compliance is mandatory for all UAE government entities and other entities identified as critical national services by NESA. In addition, compliance with NESA’s set guidelines is compulsory for all entities and stakeholders who support and deal with critical national information or provide such services.
Following NESA’s lead, the Dubai Financial Services Authority (“DFSA”), the financial regulator of the Dubai International Financial Center (“DIFC”), and the Financial Services Regulatory Authority (“FSRA”), the financial regulator of the Abu Dhabi Global Market (“ADGM”), have placed a significant focus on cyber security compliance, and both have implemented a number of thematic and guidance reviews.
DFSA cyber risk thematic reviews
In June 2020, the DFSA published a thematic review report on cyber risk as part of its ongoing objective of identifying the maturity and resilience levels of the cyber security framework of Authorised Firms operating under the DIFC. The review focused on assessing cyber-risk governance frameworks and incident preparedness. The DFSA followed up with another thematic review in early 2022 and has recently provided the results, which included a set of its expectations and best practice examples of cyber risk compliance.
In addition to the two thematic reviews, the DFSA launched a Cyber Threat Intelligence Platform (CTIP), with the primary objective of facilitating the sharing of information as a community in order to raise awareness among Authorised Firms within the DIFC. Another objective of such sharing is to make the Authorised Firms proactive rather than reactive with regard to potential cyber attacks.
ADGM guidance & online tools
In Abu Dhabi, the ADGM published guidance and online tools to assist ADGM registered entities by encouraging them to comply with the ADGM Regulations. The focus within the ADGM leans more towards Data Protection; however, it has also given guidance on cyber security and the FSRA’s expectations.
Whether cyber security compliance is mandatory, as it is under NESA, or provided as guidance, we expect the UAE regulators to continue to focus heavily on it, particularly as other international regulators have made it a mandatory regulation.
How can Waystone Compliance Solutions help?
Waystone Compliance Solutions leads the way in specialist services in governance, risk, and compliance, including cyber crime prevention as a core service to help companies mitigate these risks. We offer several bespoke cyber security services to meet your needs, including:
- cyber security governance and resilience assessments
- cyber security hygiene assessments
- cyber awareness training for leadership teams and staff
- policy review and development.
Our independent information security consultancy/advisory team has extensive experience in InfoSec and Data Protection, on both a regional and a global basis. Please contact us for a complimentary initial assessment of your company’s cyber security framework.