UAE Companies Encounter Surge in Cyberattacks, Median Ransom Reaches $1.33 Million
Nearly half of UAE companies paid ransoms to cybercriminals in 2024, reveals Sophos’s sixth annual State of Ransomware report. According to the survey of 3,400 IT and cybersecurity leaders across 17 countries, 43% of UAE organisations with encrypted data chose to pay ransom. The median payment reached $1.33 million. Moreover, 30% of those companies negotiated lower amounts than initially demanded. Globally, 71% of companies that reduced ransom payments did so through negotiation, either independently or with third-party help.
Despite these challenges, UAE firms showed strong recovery capabilities. In fact, 63% fully recovered within one week, surpassing the global average of 53%. Overall, 98% of affected organisations recovered their data, mainly through backups (68%) or paying ransoms (43%). Excluding ransom payments, the average recovery cost was $1.41 million, which is below the global average of $1.53 million. These costs included downtime, personnel time, device replacement, network restoration, and lost opportunities.
Key Causes and Challenges Faced by UAE Organisations
The report identifies exploited vulnerabilities as the leading cause of ransomware attacks in the UAE, accounting for 42% of incidents. Additionally, malicious emails initiated 23% of attacks, while compromised credentials caused 18%. Significantly, 49% of ransomware victims said attackers exploited security gaps they were unaware of, showing an ongoing struggle to secure their attack surface.
Resource constraints also affected 54% of attacked organisations, with one-third citing lack of expertise and 30% reporting staff shortages. The impact on data was severe: 55% of attacks encrypted data, above the global average of 50%. Moreover, 43% of these cases involved data theft, much higher than the global rate of 28%. Consequently, cybersecurity teams faced increased pressure and workloads, with 40% reporting more pressure from senior leadership and 37% experiencing heavier workloads.
Preventive Measures and Outlook for Ransomware Defence
Although median global ransom demands dropped by one-third between 2024 and 2025, median payments fell by 50%, reflecting better ransomware impact management. Ransom demands vary widely by company size; organisations with revenues over $1 billion face median demands of $5 million, whereas smaller companies see demands below $350,000.
Chester Wisniewski, director of field CISO at Sophos, stresses that ransomware prevention requires addressing root causes: exploited vulnerabilities, lack of visibility, and insufficient resources. He highlights the growing adoption of Managed Detection and Response (MDR) services for protection.
Sophos recommends several practices to defend against ransomware: eliminating technical and operational root causes, ensuring all endpoints have anti-ransomware protection, maintaining tested incident response plans, regularly restoring backups, and implementing 24/7 monitoring and detection capabilities. These steps aim to reduce ransomware risks and improve organisational resilience.
