New Cybereason Ransomware Study Reveals True Cost to UAE Businesses

18

90% of UAE organizations that paid a ransom demand were hit again, 63% reported significant loss of business

Lior Div, CEO and co-founder at Cybereason

Dubai, United Arab Emirates: Cybereason, the leader in future-ready attack protection, today released research findings from a global ransomware study of nearly 1,300 security professionals.

In the United Arab Emirates (UAE), 37 percent of surveyed companies reported that they had bit hit by a ransomware attack in the last 24 months. A staggering 84 percent of these companies (24 percent higher than the global average) chose to pay the ransom but what is interesting is that of those, 90 percent suffered a second ransomware attack, often at the hands of the same threat actor group. The research also divulged that of the organizations who opted to pay a ransom demand to regain access to their encrypted systems, 59 percent reported that some or all of the data was corrupted during the recovery process. 

“Our survey findings underscore why, with the exception of cases where there is a threat to life, it does not pay to pay ransomware attackers. Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organization again, and in the end only exacerbates the problem by encouraging more attacks,” commented Lior Div, CEO and co-founder at Cybereason. “Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organizations to stop disruptive ransomware before they can hurt the business.”

Key UAE findings include:

  • Ransom Demands Increasing: 63 percent of businesses (28 percent higher than the global average) that paid a ransom demand shelled out between US$350,000 – US$1.4 million, while 10 percent paid ransoms exceeding $1.4 million.
  • Loss of Business Revenue: 63 percent of organizations reported lost business (19 percent higher than global average) as a result of the ransomware attack and 42 percent reported significant loss of revenue.
  • Brand and Reputation Damage: 54 percent of organizations indicated that their brand and reputation were damaged as a result of a successful attack.
  • C-Level Talent Loss: 50 percent of organizations (19 percent higher than global average) reported losing C-Level talent as a direct result of ransomware attacks.
  • Employee Layoffs: In line with the global average, 29 percent reported being forced to layoff employees due to financial pressures following a ransomware attack.
  • Business Closures: A startling 42 percent of organizations (16 percent higher than global average) reported that a ransomware attack forced the business to close down operations entirely.

“Ransomware attacks are a major concern for organizations in the UAE and across the globe, often causing massive business disruptions including the loss of income and valuable human resources as a direct result. If we look at the recent Colonial Pipeline ransomware attack as an example, disruptions were felt up and down the East Coast of the United States and negatively impacted other businesses who are dependent on Colonial’s operations,” added Lior. 

Other key findings included in the full report reveal the extent to which losses to UAE businesses may be covered by cyber insurance, how prepared regional organizations are to address ransomware threats to the business with regard to adequate security policies and staffing. In addition, the report provides actionable data on the types of security solutions organizations had in place prior to an attack, as well as which solutions were most often implemented by organizations after they experienced a ransomware attack.

Survey Methodology

The study was conducted by Censuswide in April of 2021 on behalf of Cybereason. 1,263 cybersecurity professionals took part in the survey—with participants from the United States, United Kingdom, Spain, Germany, France, United Arab Emirates (UAE), and Singapore. Major industry verticals covered in the research include the Technology, Manufacturing, Financial Services, Retail, Healthcare, Automotive, Legal and Government sectors.

About Cybereason:

Cybereason is the champion for today’s cyber defenders providing future-ready attack protection that unifies security from the endpoint, to the enterprise, to everywhere the battle moves. The Cybereason Defense Platform combines the industry’s top-rated detection and response (EDR and XDR), next-gen anti-virus (NGAV), and proactive threat hunting to deliver context-rich analysis of every element of a Malop (malicious operation). The result: defenders can end cyber attacks from endpoints to everywhere. Cybereason is a privately held, international company headquartered in Boston with customers in more than 30 countries.