DUBAI, UAE, February 14, 2018 /PRNewswire/ --
Two thirds of bank chief executives (71%) in the Middle East could be at risk of losing their jobs because they are not managing cybersecurity risks effectively.
Research shows that only 29% of Middle East banks with assets of more than $10bn have a chief information security officer (CISO) reporting directly to the chief executive - a key sign among cybersecurity professionals that an organisation is taking and managing these threats seriously. More than a third (35%) of CISOs have no direct reporting line to any C-level executives.
The research was carried out by Metin Mitchell & Co into the 49 qualifying banks in nine countries. No country was an outstanding performer; the two highest performers were Qatar (40%) and the Kingdom of Saudi Arabia at 38%.
Metin Mitchell, founder of the Dubai-based firm which specialises in executive search for Middle East financial services, said: "If cybersecurity experts are to have any impact in a bank they need more than technical skills - they also need a strong voice and business skills. They must be able to communicate effectively to the CEO and the board on the risks to both the business and shareholder values. They must also have the required budget and the ability to influence decision-making to mitigate those risks. How many of today's CISOs in the Middle East have the skills to do that? And more importantly, how many are empowered to do that and drive forward a multi-disciplined approach to cybersecurity? How well a CEO prepares, and how well their team deals with a cyberattack, will all determine whether a CEO keeps their job when the bank is attacked."
Raef Meeuwisse - ISACA governance expert, author and cybersecurity adviser to Metin Mitchell & Co - explained the importance of CISOs reporting to the chief executive: "There is a shortage of cybersecurity skills. In a market competing for resources, the best talent goes to the organizations that look most appealing to work for. Security staff are not like normal people. They are not interested in your sector, turnover or profit. They want to know if your organization has the security fundamentals in place. Are you likely to still be operating in a few years' time? One of the easiest ways to check is simply to ask, is your CISO reporting to the main board - and in the case of financial services this would be to the chief executive."
Notes to editors
1. Research on the top banking risks in 2017/18
EY's 2017 research on the top five strategic priorities for banks, from its global banking outlook survey of senior executives at almost 300 banks across the globe:
- Managing reputational risk, including conduct and cultural risks
- Meeting regulatory compliance and reporting standards
- Enhancing data security and cybersecurity
- Meeting capital, liquidity and leverage ratio requirements
- Recruiting and retaining key talent
Banking Journal's report on the top bank risks in 2018 says:
"Cybersecurity continues to be a primary risk focus for financial institutions of all sizes. Dennis Hild, managing director in risk consulting, specializing in financial services at Crowe Horwath, LLP, says part of the concerns going into 2018 revolve around the risk-threat lifecycle and the current stage of cyber in that evolution. 'It's not very mature with regard to regulatory expectations and robust risk management,' he explains."
2. Cybersecurity research
Metin Mitchell & Co carried out research in December 2017 and January 2018 into:
- The titles of the most senior person responsible for cybersecurity
- Who this person reports to
The research included banks with more than $10bn in assets - these were in Bahrain, Egypt, Jordan, Kuwait, Lebanon, Oman, Qatar, UAE and KSA.
3. Metin Mitchell & Co
Metin Mitchell & Company is a Dubai-based executive search and management advisory firm working across the Middle East and North Africa. It specialises in recruiting board members, chief executives and other senior members of a company's management team.
SOURCE Metin Mitchell and Company DMCC