The price of complacency

As Middle East economies accelerate towards an ambitious digital transformation vision, cybersecurity risk becomes an even greater and more complex concern across the region. Recent reports suggest that breaches resulted in an estimated average cost of USD$7.46 million per data breach in the Middle East during 2022. 2023 is set to hit even more alarming numbers.

Reports suggest, the UAE and the Kingdom of Saudi Arabia had the highest number of ransomware attacks between mid-2021 and mid-2022 out of all of the Gulf countries. This is unsurprising given the number of large international and regional businesses with an operational base or a regional HQ in these states. Ransomware is malicious software which prevents users from accessing their devices, usually by the locking or encryption of data files. A ransom is demanded for the release of the data on threat of deletion or publication.

Cybersecurity firm Acronis predicts the average cost of a data breach will reach USD$5 million by 2023 worldwide¹, but with the Middle East already averaging significantly higher, businesses with a Middle East footprint can expect higher potential financial consequences in the coming years.

In relation to cybersecurity trends in the second half of 2022, Acronis identified that ransomware remains one of the top threats to big and medium businesses². Acronis also report that leaked / stolen credentials were the cause of almost half of reported breaches in the first half of 2022³.

In the UAE, the Cybersecurity Council has announced the adoption of stringent cybersecurity standards to safeguard the country’s digital space following these reports. It is expected that governments across the Gulf will follow suit. There is slower adoption of community-based information sharing around cyber risks and less in the way of breach-reporting legal obligations in the region when compared to other parts of the world. If these features of the regional market do not change, they will contribute to the reasons why, in years to come, businesses active in Gulf states remain more vulnerable to data breaches.

In the meantime, it is imperative that organisations have well-tested and resilient operations in place to protect against cyberattacks, including an immediate and effective response in times of crisis. Contact us to find out more about Cyber Response+, our 24/7 helpline and how our multijurisdictional team can help.

¹ Acronis Cyber Protection Operation Center Report: Cyberthreats in the second half of 2022 – Data under attack
²See footnote 1
³See footnote 1