Saudi Arabia financial organisations under pressure to increase security

Banks and FSIs come under pressure from the government, shareholders, employees and customers as security risks increase during the pandemic

98 percent of IT decision makers working in banks and financial service institutions (FSIs) in Saudi Arabia are under pressure to level up their security protocols, according to new research from Citrix. This comes as 79 percent see IT security risks in the industry increasing since the start of the COVID-19 pandemic. Government is most likely to be pressurising organisation to increase security, with 62 percent of IT pros reporting pressure from this group, followed by customers and employees (49% each), and shareholders (35%).

Perhaps in response to these demands, 60 percent of respondents report that security has become a top priority in their organisation over the past 18 months. They join the further 32 percent who report that it has been a top priority “for years”.

“It is no surprise that security has become an even greater priority since the pandemic began,” says Amir Sohrabi, Area Vice President for Emerging Markets at Citrix. “As remote work became ubiquitous overnight, and employees were more likely to be distracted by personal and professional stressors, cyberattacks have increased across the globe. This research highlights that both internal and external stakeholders have recognised the challenges, which are especially pertinent in a sector like finance.”

Technology maturity, namely Zero Trust and digital workspace, is driving confidence

However, despite the increase in cyber-attacks and the changing demands and pressures upon them; 93 percent of IT decision makers claim they are comfortable with their IT security provisions, with 36 percent of those saying they are “very comfortable”. 81 percent also believe that the IT security teams in their organisations have “all the skills necessary” to handle today’s challenges.

This confidence may come, at least in part, from the fact that many organisations are replacing their traditional VPN solutions with Zero Trust, cloud-based services. 39 percent of respondents have already implemented this, with another 56 percent planning to do so in the next 12 months. A further four percent plan to follow suit in the longer term. The biggest drivers behind this decision are consolidating multiple point products (45%) improving security for access using BYO devices (38%), having an agile and secure remote work strategy (36%) and improving end-user experience (36%).

In addition, 92 percent of IT decision makers report that they are satisfied with the digital workspace solutions their organisation has used to support remote work, over the past 18 months. 61 percent of respondents implemented these digital workspace solutions in response to the mandate to work from home in March 2020, while a further 36 percent already had them in place prior to the pandemic. A further four percent plan to provide their teams with digital workspace solutions in the future, leaving just one percent without this technology in the long term.

Of the other technologies that organisations have in place to support remote working, virtual desktops and apps and collaboration tools like Slack or Microsoft are the most popular ones (48% each), in addition to significant investment in laptops for staff (42%).

Skills and training gaps present potential vulnerabilities

Whilst the majority of IT decision makers feel they have the right teams in place to support their organisations’ current security posture, there may be challenges on the horizon. 75 percent of respondents admit that they will need to hire externally to get the right skills in the future, while 69 percent feel that at some point, IT security teams in their organisation “will need to be entirely reskilled”.

Additionally, the research uncovers some gaps in wider security training for employees of banks and FSIs. 56 percent of respondents say that security training for all employees at their organisation is provided less than once a year, with 1% admitting it is provided every six years or less.

“The challenges caused by the pandemic and the pressures put on IT decision makers by key stakeholder groups, have led to security soaring up the priority list for many financial organisations,” comments Amir Sohrabi. “The last 18 months have clearly been a time of great change, with new technologies being implemented, so it’s highly encouraging to see most IT managers in this sector adapt and accelerate, to ensure they have the correct security posture in place.”

“However, this is no time to get complacent and there is clearly an opportunity for businesses to future-proof their security by upskilling their IT teams and providing regular training for the wider employee group,” he adds. “There has been an alarming increase in cyber-attacks since the start of the pandemic, and many of these come as a result of human error. The importance of dedicated annual training, therefore, cannot be underestimated.”

About this research

Citrix worked with OnePoll to survey 600 IT managers and above in the financial services and banking sectors in South Africa, Saudi Arabia and UAE. 200 Saudi respondents were polled in the research, which took place in August 2021.