Search Comment Central
Freestocks I p Oq P6k COI unsplash
© Unsplash / Freestocks

The UK must turn to the Middle East for cybersecurity inspiration

Partha Gopalakrishnan
August 28, 2024

Over the past 12 months, news in the UK cybersecurity landscape has been consistently bleak. There has been a constant stream of reported breaches and attacks by malicious actors both large and small, and across the public-private divide.

The most embarrassing and reputationally harmful of these was the attack on the British Library at the end of last year. Rhysidia, a shadowy international hacking group, stole over 500,000 files of sensitive data such as employee passports and work contracts, which it then published for free on the dark web after the British Library refused to pay the 20 bitcoins (£600,000) ransom (The Guardian).

The intensity of the attacks has been no less relenting on the private sector. A damning report from Microsoft earlier this year classified 87% of UK companies as “vulnerable” to cyberattacks – and this has not gone unnoticed by the hordes of hacking groups operating safely from the UK’s geopolitical enemies’ turf.

The sands are rapidly shifting beneath the UK's feet – for both public sector leaders and private company CEOs. They need to rapidly pivot and find some firmer cybersecurity terrain on which to build their defences. Fortunately, there is one area of the world that can provide them with some ready inspiration – the Middle East. Specifically, the successful integration of AI-bolstered cybersecurity systems across corporations in the UAE and Saudi Arabia.

Fortunately, there is one area of the world that can provide them with some ready inspiration – the Middle East. Quote

IBM recently released its annual Cost of a Data Breach Report, revealing the average cost of a data breach for businesses in the Middle East reached SAR 32.80 million in 2024. This is not surprising – as firms in the Middle East have grown, they’ve increasingly found themselves in the harsh glare of global hackers.

This has led to some significant cybersecurity innovation in the region, notably in developing and adopting AI-powered security tools. The same IBM report found that those organisations with extensive AI and automation had lower average breach costs – SAR 26.54 million compared to those without AI-enabled tools who were hit for an average of SAR 38.85 million.

The positive effects of AI-first cybersecurity are also compounded by the impact of exposure time. Those organisations with AI had an average of 198 days to identify a breach and 57 days to contain it. Those which did not had 294 days to identify a breach and 78 days to contain it (IBM).

For the government and CEOs in the UK, this report should make for some pretty stark reading. As the threat level ratchets up, and the pressure becomes more acute, CEOs can reach for a new tool in their arsenal to insulate their firms and prevent themselves from becoming the next high-profile victim.

Comprehensive enterprise-grade cybersecurity preparation must be multi-faceted, and CEOs must drive change across the four key axes of preparation, prediction, detection, and response. For preparation, AI-driven simulations can ensure that cybersecurity training programmes genuinely simulate real-world attacks. Regular AI-powered simulations and training exercises can help to mitigate the ever-present threat of human error in large corporations.

For prediction, AI tools can be leveraged to flag threats before they emerge – specifically using AI-powered data analysis and predictive analytics. CEOs can then proactively adjust their firm’s security posture, even before the malicious actors have launched the attack, effectively neutralising it before it reaches the city walls.

Similarly, these same analytical capabilities mean that AI can be rolled out to upend corporate cybersecurity threat detection completely. AI-driven security platforms can continuously monitor network traffic, user behaviour, and data flows, processing a far more significant amount of information and at a faster rate than humans.

Finally, AI should also form the foundation of any response strategy to breaches that occur. Initial stages of incident response can be expedited and enhanced with AI immediately isolating affected systems, blocking specific IPs, and alerting in-house or external security teams.

Obviously, humans are a vital part of any cybersecurity defence system, but, especially when it comes to threat detection and response, AI tools allow them to operate at a far greater capacity and speed. These hours and minutes can make all the difference between a breach being contained and thousands of sensitive files being lost. For CEOs, these vital moments are what can make or break them and their firm.

Cybersecurity in the UK has long been a blind spot – both in the corporate world and also in government. After a spate of attacks in the public sector, CEOs can expect the spotlight to shift towards them soon – and they need to be preparing now. For the heads of government institutions, they are already under fire. Both need to follow the Middle East’s lead and invest in AI-powered cybersecurity now – or they’ll risk further degrading the UK’s cybersecurity prospects.

PG

Partha Gopalakrishnan is founder and CEO of consulting firm PG Advisors. He was previously a senior executive at Tech Mahindra and Infosys.

What to read next
Shutterstock 2509877993
The upcoming debate on the Second Reading of the Mutual Enforcement...
Portrait 2024 12 05 163535 achr
Lord Dodds of Duncairn
December 5, 2024
Shutterstock 2481354253 1
A UN climate summit whose host called oil and gas “a...
Green
Adrian Ramsay MP
December 5, 2024
Shutterstock 2503859465
This past week Iran’s foreign minister visited Cairo for the first...
Joseph Hammond Headshot
Joseph Hammond
December 3, 2024