Cyber Risk in the Middle East – How secure is your firm and its ecosystem?

      Cyber-attacks are the unauthorised exploitation of systems, networks and technologies, and they have been a high-risk item on companies' agendas for many years. Cyber security compliance is the tool used to protect against such attacks. The cyber security compliance landscape is complex and evolving. It presents many challenges, along with additional overheads and uncertainty about how to remain cyber security compliant.

      In the UAE, the National Electronic Security Authority (“NESA”), the federal authority for the UAE, is charged with strengthening the nation’s cyber security measures. Therefore, NESA Compliance is mandatory for all UAE government entities and other entities identified as critical national services by NESA. In addition, compliance with NESA’s set guidelines is compulsory for all entities and stakeholders who support and deal with critical national information or provide such services.

      Following NESA’s lead, the Dubai Financial Services Authority (“DFSA”), the financial regulator of the Dubai International Financial Centre (“DIFC”), and the Financial Services Regulatory Authority (“FSRA”), the financial regulator of the Abu Dhabi Global Market (“ADGM”), have put a significant focus on cyber security compliance, and both have implemented a number of thematic and guidance reviews.

      In June 2020, the DFSA published a thematic review report on cyber risk as part of its ongoing objective of identifying the maturity and resilience levels of the cyber security framework of Authorised Firms operating under the DIFC. The review focused on assessing cyber-risk governance frameworks and incident preparedness. The DFSA followed up with another thematic review in early 2022 and has recently provided the results, which included a set of its expectations and best practice examples of cyber risk compliance.

      In addition to the two thematic reviews, the DFSA launched a Cyber Threat Intelligence Platform (CTIP), with the primary objective of facilitating the sharing of information as a community in order to raise awareness among Authorised Firms within the DIFC. Another objective of such sharing is to make the Authorised Firms proactive rather than reactive with regard to potential cyber-attacks.

      In Abu Dhabi, the ADGM published guidance and online tools to assist ADGM registered entities by encouraging them to comply with the ADGM Regulations. The focus within the ADGM leans more towards Data Protection; however, it has also given guidance on cyber security and the FSRA’s expectations.

      Whether cyber security compliance is mandatory, as it is under NESA, or provided as guidance, we expect the UAE regulators to continue to focus heavily on it, particularly as other international regulators have made it a mandatory regulation.

      How can Waystone Compliance Solutions help?

      Waystone Compliance Solutions leads the way in specialist services in governance, risk, and compliance, including cyber crime prevention as a core service to help companies mitigate these risks. We offer several bespoke cyber security services to meet your needs, including:

      • cyber security governance and resilience assessments
      • cyber security hygiene assessments
      • cyber awareness training for leadership teams and staff
      • policy review and development.

      Our independent information security consultancy/advisory team has extensive experience in InfoSec and Data Protection, on both a regional and a global basis. Please contact us for a complimentary initial assessment of your company’s cyber security framework.
