Top of Page

Infosecurity Middle East: World’s Largest Non-Profit Association of Certified Cybersecurity Professionals Calls for Review of Business Risk – Not Just IT Risk – in Wake of Disruptive Change

  • With only 19% of ME professionals able to attribute cybersecurity breaches to known vulnerabilities, (ISC)2 addressed fundamental concern with governance and operational risk management
  • Chief Information Security Officer of Mashreq Bank: “Operational risk of cyber threats can exceed traditional financial risk”

Dubai, UAE: March 9, 2018 – (ISC)², an international non-profit membership association of certified cybersecurity professionals, highlighted the growing levels of operational risks and the evolving role of the CISO (Chief Information Security Officer) during Infosecurity Middle East, which was jointly organized by the UAE Ministry of Interior and Reed Exhibitions in Abu Dhabi this week.

(ISC)²’s Global Information Security Workforce Survey reveals that only 19% of Middle East participants can attribute the majority of the security breaches experienced by their companies to known vulnerabilities. Highlighting this concern in his keynote address, Dr. Adrian Davis, CISSP, (ISC)²’s Director of Cybersecurity Advocacy for the EMEA region, discussed the increasing impact of disruptive technologies on companies, particularly the evolving ecosystem of Internet of Things (IoT) and the proliferation of artificial intelligence and machine learning solutions, at a time when global and local cybercrime rates are being reported at an all-time high. [1]

Davis called on companies to: “Change their conversations about information and cybersecurity so that they can elevate the importance given to the risks. We are constantly challenged by the pace of change in organisations as new technology and processes are introduced without adequately engaging security teams.  These teams, now chronically understaffed, are working long hours to address the fall out and struggle to gain the visibility needed, leaving much to remain poorly understood outside of their practice.”

Dr. Davis’ session was complemented by Tamer Gamali, CISSP,  CISO of Mashreq Bank and member of (ISC)² EMEA Advisory Council, who hosted a closed roundtable discussion within Infosecurity’s CISO Programme. The session, focused on how the role is evolving, prompted frank discussion on whether today’s cybersecurity leaders are positioned to mitigate the operational risks they are tasked to manage.

According to Gamali: “Cyber risks can be very difficult to quantify and continue to be overshadowed by the focus on financial risks that is given at the top levels of the organisation. Today, however, we are in a business environment where the damage to reputation associated with cyber threats – an operational risk – can exceed traditional financial risk, and we are playing catch up with those who have developed the capability to do us harm.”

“I am not suggesting that security is being ignored: Companies are increasing their investments and working to improve their security stature, but it isn’t enough,” warned Davis. “Companies must now acknowledge that the measures undertaken are insufficient as they are not standing up in the face of the targeted real-world attacks that we are seeing today.” 

To take back control, Davis advised delegates to boost organisation-wide competence in cybersecurity and sharpen the focus on operational risk:

  • Acknowledge that cyber risk is a business concern, not just a technical one;
  • Assess the impact of new technologies on traditional business models;
  • Appoint an independent Chief Information Security Officer and;
  • Develop cybersecurity competence across the organisation within IT, business and innovation teams

To learn more, (ISC)² members have pooled their experience to identify five areas of action needed to help business managers mount a more robust assessment of cyber risks, in a whitepaper titled “What Every Business Leader Should Know About Cyber Risk.”


About Infosecurity Middle East

Infosecurity Middle East is the Gulf’s specialist event for securing government and business data against ever-growing cyber threats. It is set within the Gulf Region’s International Exhibition for National Security and Resilience (ISNR Abu Dhabi 2018), and jointly organized by the UAE Ministry of Interior and Reed Exhibitions. The second edition of the event is set to bring together C-suite and other high ranking business leaders and executives from some of the largest global, regional and local tech organisations, including Etisalat Digital, Kaspersky Lab, Mimecast MEA and Sophos MEA among others.


About (ISC)²

(ISC)² is an international non-profit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 130,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and EducationTM. For more information on (ISC)², visit, follow us on Twitter or connect with us on Facebook, LinkedIn or the (ISC)² Community.


© 2018 (ISC)² Inc., (ISC)², CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP, CCFP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered marks of (ISC)², Inc.


For media enquiries, please contact:

Sayema Wasi

+971 55 954 8664

[1] (USD $4 billion were lost to cyberattacks in the UAE last year: Norton Cyber Security Insights Report).