69% of UAE businesses expect a cyberattack within a year, but only 49% feel prepared for it

The majority (69 per cent) of UAE business leaders expect to suffer a cybersecurity incident in the next 12 months, but only 49 per cent of organisations feel well prepared to deal with one, a new study shows.

According to research from leading connectivity cloud company Cloudflare, more than half (52 per cent) of UAE organisations have experienced at least one cybersecurity incident in the last 12 months, with most having experienced multiple attacks. This is significantly higher than in Europe where the figure stands at 40 per cent. Sixteeen per cent who reported an attack in the past year in fact experienced them, on average, every six to 11 days. Also, 63 per cent of UAE organisations believe the volume of cyberattacks will increase over the next 12 months.

The research, conducted with nearly 1,000 business and technology leaders across the Middle East (330 from the UAE), as part of a larger study which included more than 4,000 enterprises across 13 European markets, showed the following results:

Large and medium-sized organisations were more likely to have experienced attacks than small one the study showed. The sectors that experienced the most cybersecurity incidents in UAE were financial services, media & telecoms and manufacturing. Organisations that have experienced the most attacks are more likely to be on guard for trouble ahead. Those in industries which experienced fewer attacks — such as transport and education — were among those least prepared. The sectors most likely to foresee an attack in the next 12 months include the UAE’s media & telecoms, financial services, and travel and tourism industries.

According to the UAE’s business and technology leaders, the top three most common types of cyberattack they face are web attacks (69 per cent), phishing (47 per cent), and insider threat/stolen credentials (36 per cent), while their number one concern is malware (defined as viruses, worms, and Trojans).

Lack of preparation is risky and the consequences of complacency can be catastrophic. 68 per cent of respondents from organisations that have experienced attacks in the past 12 months estimated the financial impact of these to be at least $1 million, while nearly a quarter (24 per cent) estimate the loss to be $2 million or more.

Losses are not merely financial. Forty per cent of respondents report that their organisation has put growth plans on hold in the aftermath of an attack, while 37 per cent have laid off workers as a result of the economic ramifications of cyberattacks.

Seventy six per cent of respondents say they expect the proportion of their IT budgets allocated to cybersecurity to increase in the next 12 months. For most, networks is the main area of investment.

Secure access service edge (SASE) is greatly under-adopted, with only 17 per cent of respondents fully implementing this model. However, there is cause for optimism, as 70 per cent respondents are working with a single SASE vendor, which may reduce complexity and help speed up deployment.

Organisational leaders are optimistic that Zero Trust projects and deployment can enable a better user experience and allow for more cloud-native possibilities. However, 75 per cent believe their leaders lack understanding of Zero Trust architecture — a key reason why it is still in the early stages of adoption for the majority (55 per cent) of organisations in the UAE.

Bashar Bashaireh, RVP Middle East and Türkiye at Cloudflare said: “It is clear from the study that UAE business leaders are gearing up for increasing cybersecurity threats, feeling unprepared to handle them effectively. Preparation is key! Instead of complex and disparate systems, business and IT leaders should adopt a comprehensive ‘Everywhere Security’ approach. Much greater investment is needed in consolidated solutions with an any-to-any cloud strategy that will help organisations respond to an increasingly multifaceted threat environment. Zero Trust is a critical part of such an approach to help organisations prepare in multiple ways and implement a strong security culture.”