United Arab Emirates Cybersecurity: Top Companies Exposed to Supply Chain Breaches
- 73% of companies have third-party suppliers that experienced a breach
- 73% exposed to a fourth-party breach, indicating significant business risk
Dubai, UAE – 11th February 2024 – SecurityScorecard today released a comprehensive analysis of the cybersecurity landscape of the largest companies in the United Arab Emirates (UAE).
SecurityScorecard threat hunters and data scientists used the largest proprietary risk & threat intelligence dataset on the planet to analyse third and fourth-party breaches among the UAE’s 30 largest companies. As third-party breaches, such as MOVEit, dominate breach notifications, understanding the organizations in a supply chain and critical dependencies is essential to reducing risk.
- Supply chain cyber risk: 73% have third-party suppliers that experienced a breach.
73% have a relationship with a fourth party that has been breached. Drawing attention to the threat of third-party attacks is the recent vulnerability in Progress Software’s file-transfer tool MoveIt, with hackers claiming to have attacked hundreds of organizations globally.
- High-risk companies: 10% had cybersecurity ratings of a C or below.
An organization with a C rating has a breach likelihood of 5.4x compared to those with an A rating. The companies deemed high-risk should focus on enhancing application and network security, with particular attention to DNS Health, Endpoint Security, and Patching Cadence.
- Strong cybersecurity resilience: 90% of UAE’s top 30 have an A or B score.
Notably, 43% of companies have an A cybersecurity rating and have not experienced a breach for a year. This group consists primarily of energy and financial firms. Cybersecurity resilience is inextricably linked to trust. Organizations’ ability to thwart and rebound from cyberattacks directly influences economic confidence.
Steve Cobb, Chief Information Security Officer of SecurityScorecard, stated, “Companies must prioritize managing supply chain risk by pinpointing vendors in their ecosystem susceptible to known, high-risk vulnerabilities and those with active infections.”
A new era of cyber risk management
Just as credit ratings provide a clear and standardized measure of financial credibility, cyber risk ratings can offer a similar benchmark for cybersecurity resilience. The availability of objective data on cybersecurity resilience gives business and government leaders a new language for cyber risk management – one that permits them to be relentlessly data-driven.
Jan Bau, Vice President of EMEA, said: “Third-party data breaches are a problem for many large organizations globally, but with clear guidance and the right cyber tools, they can be drastically reduced. SecurityScorecard is at the forefront of cyber risk assessment across the Middle East, offering comprehensive ratings that enable organizations worldwide to understand, improve, and communicate their cybersecurity posture and provide in-depth insights into the risk profile for critical suppliers.”
Our analysis of the top 30 companies in the UAE by revenue shows areas for improvement. This report examined companies in the following sectors: energy, finance, manufacturing, transportation, utilities, and technology. The report covers 20 January 2023 to 20 January 2024.
A dynamic threat landscape requires real-time risk assessment. SecurityScorecard gathers significant amounts of non-intrusive data on the cybersecurity performance of companies worldwide. Using this data, SecurityScorecard calculates an overall score, graded A through F, based on ten factors that are predictive of a security breach. Validation of SecurityScorecard scores using statistical analysis demonstrates that companies with an F rating have a 13.8x greater likelihood of a data breach than companies with an A.
For more in-depth information and access to the UAE top 30 report, please visit: https://securityscorecard.com/white-paper/uae-cybersecurity/
Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated.
Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.
SecurityScorecard makes the world safer by transforming how companies understand, improve, and communicate cybersecurity risks to their boards, employees, and vendors. SecurityScorecard achieved the Federal Risk and Authorization Management Program (FedRAMP) Ready designation, highlighting the company’s robust security standards to protect customer information, and is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.