DUBAI, UAE – September 23, 2025 – The CISO Middle East Summit featured a highly engaged panel of cybersecurity leaders who collectively dismantled the traditional view of security as a mere expense. Moderated by Kawther Hocaine from EY, the discussion brought together cybersecurity leaders such as Mansoor Ahmad Khan, Finto Thomas, Narinder Thandi, Binay Roy, and James Wiles to outline a new mandate for CISOs: strategically enabling business growth through secure practices.

Redefining Security: The ROI of Trust
The central theme of the discussion was proving the Return on Investment (ROI) of security.
- Mansoor Ahmad Khan spearheaded this point, stating that CISOs must be fluent in the language of the board, focusing on business outcomes rather than technical metrics. He asserted that robust security is a powerful growth enabler, allowing the company to build essential digital trust with customers, which directly supports innovation and market expansion.
- Finto Thomas provided the practical, architectural view, stressing that security must be treated as a design principle, not a bolt-on solution. By integrating security early into business processes and digital transformation efforts, organizations can avoid high-cost, reactive fixes later, proving security’s value upfront.

The Strategy of Spending and Managing Risk
The panelists offered pointed critiques on current security spending models and risk management.
- Narinder Thandi offered a clear distinction on financial risk, emphasizing that cyber insurance is a financial safety net, not a security strategy. He cautioned against relying on insurance payouts as a replacement for foundational defenses, urging CISOs to prioritize budget on reducing the probability of an incident rather than simply mitigating the financial aftermath.
- The panel, including Finto Thomas and James Wiles, unanimously agreed that all security spending must be aligned to the company’s critical risks. Instead of chasing the “latest shiny tool,” investment should focus on protecting the most valuable assets—the “crown jewels”—that are crucial for business continuity.
- Facing the hypothetical challenge of a 30% budget reduction, the collective priority was immediate and clear: protect three areas, namely people training (the cheapest and most effective defense), critical data infrastructure, and rapid recovery capabilities (resilience).

AI, Talent, and the Future Mandate
The conversation concluded with forward-looking insights on technology adoption and organizational culture.
- Binay Roy addressed the pervasive cybersecurity talent gap, seeing AI and automation as a necessary force multiplier. He noted that AI helps security teams manage the overwhelming volume of alerts, essentially making existing staff more efficient, but warned that it doesn’t eliminate the need for skilled, strategic human oversight.
- When asked how they would spend an unexpected $1 million bonus, the panelists were unanimous in their choice: people and process. They agreed that developing human talent and refining security processes offer the highest long-term ROI.
- The closing mandate, supported by all panelists, encouraged CISOs to be courageous enough to say “No” to business initiatives lacking security checks. The panelists predicted that Digital Trust and Compliance will be the dominant budget drivers in the UAE over the next three years, reflecting the country’s strategic push to be a globally secure digital economy.

The collective insights from the panelists solidify a major directional shift in regional cybersecurity. The era of security teams operating in isolation is over; the modern CISO must be a strategic leader who actively partners with the board to articulate security’s role as a core driver of business enablement, customer trust, and long-term resilience. The clear focus on human capital, risk-aligned spending, and a culture of integrated security marks a significant maturity in the Middle East’s approach to securing its rapidly expanding digital economy.