- GCC states seek to be leaders in digital innovation, but this leaves them vulnerable to an increasing range of cyberthreats. Governments have invested significantly in cybersecurity but these measures have been unevenly implemented, making it difficult for these states to be resilient against a large-scale cyber incident.
- Strategies, structures and processes (‘approaches’) for achieving cyber resilience can be conceptualized along a scale from centralized to distributed: centralized approaches maintain decision-making power in a single body, while distributed ones disperse power over many sites.
- Centralized approaches provide more resilience against unwanted influence, while distributed approaches provide more resilience against intrusions into infrastructure. The GCC states have so far prioritized centralized over distributed cyber resilience, seeking internet and social media control over sustainable network recovery.
- GCC governments should make a sustainable commitment to cyber resilience that provides clear guidance to organizations and makes best use of emerging cybersecurity structures. This may involve further engagement with international initiatives and partners to increase cyber resilience.
- Given limited resources, GCC governments should rebalance their efforts from centralized towards distributed approaches to resilience.
- GCC governments should examine the impact of relevant new technologies, discussing openly the risks of these technologies and appropriate solutions.