Cybersecurity frameworks in the Middle East: A sector perspective

Louis Strauss

March 18, 2025

As the Middle East accelerates its digital transformation, certain industries face unique cybersecurity challenges due to their critical importance to national economies and public safety. Sectors such as energy, finance, and healthcare are particularly vulnerable to cyber threats due to the high-value data they handle and their role in supporting national infrastructure. To address these challenges, sector-specific cybersecurity frameworks have been developed and integrated into national cybersecurity strategies. These frameworks provide tailored guidelines to ensure the security of sensitive data, protect critical infrastructure, and promote compliance with industry regulations.

This blog explores key sector-specific frameworks in the Middle East, focusing on their role in protecting critical systems and data and ensuring business continuity, compliance, and resilience against sophisticated cyberattacks.

Energy

The Middle East is home to some of the world's largest oil and gas reserves, making the energy sector a cornerstone of its economy. As the sector adopts advanced technologies such as IoT and AI for operational efficiency, it also becomes a prime target for cyberattacks. Threat actors often target energy infrastructure to disrupt operations, steal sensitive data, or cause physical damage. Recognizing this vulnerability, tailored cybersecurity controls have been embedded within broader national frameworks, such as:

Saudi Arabia’s Operational Technology Cybersecurity Controls (OTCC) 

The OTCC framework provides technical safeguards for securing operational technology environments, including Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, which are used to monitor and control large-scale infrastructure such as oil and gas pipelines, power grids, and water distribution systems. It was developed by the National Cybersecurity Authority, a government security entity responsible for implementing regulations focusing on cybersecurity for private and public companies in the Kingdom of Saudi Arabia. The framework encompasses domains such as cybersecurity governance, defense, and resilience, with requirements such as cybersecurity risk assessments for OT/ICS assets, identity and access management (IAM), and incorporating cybersecurity components in the lifecycle of OT/ICS projects.

Finance

The financial sector in the Middle East is a high-value target for cyber threats due to the vast amounts of sensitive financial data it processes and the sector’s role in economic stability. To strengthen cybersecurity and ensure regulatory compliance, financial institutions must adhere to industry-specific security frameworks designed to protect critical financial infrastructure, mitigate cyber risks, and promote resilience. Key frameworks shaping cybersecurity practices in the Middle East’s financial sector include:

UAE’s Data Protection Regulations

In the United Arab Emirates, the Abu Dhabi Global Market (ADGM) developed the ADGM Data Protection Regulations to set forth data privacy and governance requirements for organizations operating within Abu Dhabi’s financial center. Modeled on international standards such as the General Data Protection Regulation (GDPR), these regulations aim to protect personal data and ensure responsible data handling practices within the financial sector. They contain specific provisions on individual data rights, data transfers and data processing agreements with third parties, and Data Protection Impact Assessments (DPIAs).

Saudi Arabia’s SAMA Cyber Security Framework

The Saudi Central Bank, formerly the Saudi Arabian Monetary Authority (SAMA), developed the SAMA Cyber Security Framework to unify cybersecurity strategies across the financial sector and enhance the resilience of critical financial services and infrastructure. Banks, insurance companies, and other financial entities must adhere to specific requirements, categorized under four control domains: leadership and governance, risk management and compliance, operations and technology, and third-party cybersecurity. They cover diverse areas from awareness and training, to cryptography and cybersecurity architecture, to audits and compliance with industry standards such as PCI DSS, to foster a secure and trustworthy environment for financial transactions.

Healthcare

The healthcare sector in the Middle East faces mounting cybersecurity risks due to its increasing reliance on electronic health records (EHR) and digital medical technologies. Ensuring the confidentiality, integrity, and availability of patient data is a critical priority addressed within sector-specific frameworks such as:

UAE’s Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) 

Developed by the Abu Dhabi Department of Health, the ADHICS contains a comprehensive set of controls for all entities processing health information. These controls are categorized into basic, transactional, and advanced levels, with licensing and implementation requirements depending on the size and complexity of a healthcare facility. The standard outlines mandatory requirements including risk assessment and mitigation, the establishment of information security policies and procedures, and asset classification. It encompasses human resources security, physical and environmental security, access control, operations management, communications, third-party security, information systems acquisition, development, and maintenance, and other control domains to uphold privacy and security in the healthcare sector.

Get started with 6clicks

6clicks offers a robust platform to help Middle Eastern organizations navigate the complexities of cybersecurity compliance across various sectors. Leverage cutting-edge capabilities to enhance your cybersecurity and compliance efforts:

  • Revolutionary Hub & Spoke architecture: The platform’s unique architecture is designed to help organizations managing multiple subsidiaries or business units centralize governance while enabling localized flexibility. Manage and distribute core policies, frameworks, and standards from a centralized system and allow regulated entities to operate autonomously with tailored processes and controls.
  • AI-powered compliance: Streamline the implementation of cybersecurity frameworks and accelerate compliance through artificial intelligence. Harness the power of AI through Hailey, 6clicks’ AI engine, which can automate various processes including framework and control mapping, answering repetitive audit questions, identifying risks and issues, and creating remediation tasks.

Learn how 6clicks can support your organization by getting in touch with our experts.



Frequently asked questions

Why are sector-specific cybersecurity frameworks important in the Middle East?

Sector-specific cybersecurity frameworks are crucial in the Middle East as industries like energy, finance, and healthcare face unique cyber threats due to their role in national infrastructure. These frameworks provide tailored guidelines to enhance security, ensure compliance, and protect sensitive data.

What cybersecurity measures are in place to protect the financial sector in the Middle East?

The financial sector follows strict cybersecurity frameworks like Saudi Arabia’s SAMA Cyber Security Framework, which sets standards for risk management and compliance, and UAE’s ADGM Data Protection Regulations, which focus on securing financial data and ensuring responsible data handling.

How does the 6clicks platform help organizations in the Middle East achieve cybersecurity compliance?

6clicks simplifies cybersecurity compliance by offering AI-powered automation, centralized governance with its Hub & Spoke architecture, and comprehensive GRC tools. This enables organizations to streamline security management and implementation and meet regulatory requirements with confidence and ease.



Written by Louis Strauss

Louis is the Co-founder and Chief Product Marketing Officer (CPMO) at 6clicks, where he spearheads collaboration among product, marketing, engineering, and sales teams. With a deep-seated passion for innovation, Louis drives the development of elegant AI-powered solutions tailored to address the intricate challenges CISOs, InfoSec teams, and GRC professionals face. Beyond cyber GRC, Louis enjoys reading and spending time with his friends and family.