Along for the ride: Security one of the few functions where Uber is following Careem’s lead

It’s been a smooth delivery for taxi-hailing app Careem this week. After months of negotiation, the UAE’s answer to Uber have announced acquisition by, well, Uber, in a deal set to value the Dubai based start-up at over $3.1 billion.

Careem’s 30 million customers and home-field knowledge made it an attractive pick-up for the San Francisco based Uber as they emphasise an aggressive growth strategy and expansion into new markets.  But the courtship between these former rivals is playing coy. Uber and Careem will retain their independent brands, regional services and most internal functions, at least for the time being.

Neil Haskins has a first hand experience of the security changes and challenges that the merger will bring

“It’s holding hands before going full on kissing” jokes Neil Haskins, Head of Security and Technology Operations at Careem. “There’s only a few key functions where they want to be fully integrated”.

One of these is Haskins’ own function, Security. Along with Finance and Legal, Security is among the only areas where Uber is merging with its UAE counterpart. This means taking full responsibility of the SOC, regulatory compliance, and accountability for all things cyber. A high-risk passenger to take on, especially after Careem hit the regional headlines in 2017 after a cyber-attack compromised the data of over 14 million users. But, according to Haskins, the “bounceability” of the smiley-faced ‘Yalla, Let’s Go!’ brand is one of its greatest assets. 

“After we were breached, we learnt some important lessons”, he explains. “We learnt that it’s not about fighting the inevitability of a breach. It’s about building your resilience and how you respond if (when) something goes wrong”. Following the incident, he helped bring security to the forefront of the board’s priorities, and was integral in gaining budget, resources, and the CISO’s Holy Grail: a seat at the top table.

It is this resilience that perhaps helped the Careem brand gain respect, and hold their ground in the negotiating process. “They recognise that we’ve led the way in the way in the Middle East”, explains Haskins. “And we really do dominate the market here. They want to know how we’ve been so successful”.

Not that this is the end destination. As Haskins admits, “there’s still a lot of work to do” before the transaction is expected to officially close in Q1 2020, although “we’ve got a pretty decent budget to get on top of it”. What’s going to be his biggest challenge?

“Compliance, compliance, compliance! Some of the regulatory attitudes we have here are… less focused…! And it doesn’t help that we’re not allowed to talk to Uber about compliance issues until the official transaction date! But Uber have to be watertight. And we’ve got big things planned from a regulatory point of view. We’re going to deliver big ticket items…”

When it comes to sorting compliance strategy it might be a waiting game for Uber and Careem Photographer: Christopher Pike/Bloomberg

 And with that, he’s back to “trying to get my team to do some work! Some of them had bought a few shares in Uber” he smiles “it’s been a happy day for them”. For both organisations too, for now it seems all five star ratings. But with security and compliance challenges down the road, this may only be the start of the journey.

Related posts

Your thoughts