Sunday 14 / December / 2025
Muscat: More than half of the companies surveyed in the Middle East (56 per cent) are unable to analyse all the data they collect and 32 per cent do not know where their sensitive data is stored, global study reveals.
Compounding this uncertainty, 42 per cent of IT professionals in the region admit they don’t carry out all the procedures in line with data protection laws such as General Data Protection Regulation (GDPR), Gemalto, the world leader in digital security, said in a study released on Tuesday.
These are just some of the findings of the fifth-annual Data Security Confidence Index, which surveyed 1,050 IT decision makers and 10,500 consumers worldwide. The research found that business’ ability to analyse the data they collect varies worldwide with India (55 per cent), Australia (47 per cent)and the Middle East (44 per cent)best at using the data they collect. In fact, the majority (94 per cent) of the Middle East organisations agreeing that analysing data effectively gives them a competitive edge in their industry.
“If businesses can’t analyse all of the data they collect, they can’t understand the value of it – and that means they won’t know how to apply the appropriate security controls to that data,” said Sébastien Pavie, Regional Director META, Enterprise and Cybersecurity, at Gemalto.
“Whether it’s selling it on the dark web, manipulating it for financial gain or to damage reputations, unsecured data is a goldmine for hackers. You only need to look at the recent hacks on Facebook and, closer to home, on the riding app Careem, to see the damage that can be done, he said.
"What’s more, data manipulation can take years to discover, and with data informing everything from business strategy to sales and product development, its value and integrity cannot be underestimated,” he added.
Confidence in securing the breach is low
When it comes to how data is being secured, the study found that 60 per cent of IT professionals in the Middle East say perimeter security is effective at keeping unauthorised users out of their networks. This is despite the majority of IT professionals in the region (70 per cent) believing unauthorised users can access their corporate networks.
However, once the hackers are inside, less than half of the regional companies surveyed (46 per cent) are extremely confident that their data would be secure. UK businesses are the most concerned with just 24 per cent prepared to say they’re extremely confident, with Australia the highest (65 per cent).
Even though there is still faith in how they’re securing their networks, one third (24 per cent) of Middle East companies reported that their perimeter security had been breached in the past 12 months. Of those that had suffered a breach at some point, only 7 per cent of that compromised data was protected by encryption, leaving the rest exposed.
Consumers say compliance is critical
According to the study, a growing awareness of data breaches and communications around GDPR have led to the majority (88 per cent) of consumers in the Middle East believing that it is important for organisations to comply with data regulations. In fact, (39 per cent) are aware what encryption is, showing an understanding of how their data should be protected.
“It’s time organisations got their houses in order; starting with who oversees their data security. A central figure such as a Data Protection Officer – essential in some circumstances under GDPR – must be appointed to the board to lead data security from the top down," Pavie said.
Next is having more insight and analysis on the data collected to ensure that it is both correctly protected and enabling more informed business decision making. Finally, a mindset change. Organisations must realise that it’s no longer a case of if, but when a breach occurs, and protect their most valuable asset — data — through encryption, two-factor authentication and key management, rather than solely focusing on perimeter protection,” he added.
