UAE harnesses AI to combat cybercrimes and misinformation
MAYS IBRAHIM (DUBAI)The UAE is increasingly leveraging artificial intelligence (AI) to detect and trace cyberattacks targeting the country, according to Dr. Mohamed Al Kuwaiti, Head of the UAE Cybersecurity Council.In a dialogue session at the Arab Media Summit in Dubai, Al Kuwaiti noted that AI tools can now analyse writing patterns and posting behaviour to identify the real sources behind malicious online activity, whether human or bot-driven.The spectrum of cyber threats now includes insults, slander, defamation, blackmail, identity theft, and ransomware - all of which fall under the category of cybercrimes, he said.Another major concern is cyberterrorism, particularly the online dissemination of false ideologies and the spread of rumours meant to destabilise social trust.Al Kuwaiti pointed out that while social media platforms have introduced some regulatory measures to curb terrorism and cybercrime, the challenge of swiftly removing or correcting misinformation remains substantial.The speed at which false content spreads, combined with its persistent digital footprint, often makes it difficult to trace or undo the damage once it's widely circulated, he explained.
Think Before You Click Al Kuwaiti also pointed to awareness as a central pillar in the UAE's cybersecurity strategy.He said that encouraging individuals to pause before resharing unverified information - and to recognise that online behaviour reflects personal and cultural values - is one way to contain the ripple effects of false narratives.Al Kuwaiti stressed the importance of having misinformation "stop at you" instead of being perpetuated further.The UAE continues to ramp up its cybersecurity capabilities. In April 2024, the UAE Cybersecurity Council launched the "National Cybersecurity Strategy 2024–2026", which outlines a multi-tiered approach focused on proactive threat detection, critical infrastructure protection, and real-time incident response.
The strategy includes the deployment of a centralised national cybersecurity operations centre (NCSOC) and the integration of AI-driven surveillance tools to monitor digital risks across government and private networks.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Hi Dubai
a day ago
- Hi Dubai
The Importance of Cyber Insurance for Dubai Businesses
As Dubai continues its rapid digital expansion—embracing smart city infrastructure, AI-driven services, and cloud-based operations—the risk of cyberattacks is growing just as fast. But are businesses keeping pace with the threats? According to the UAE Cybersecurity Council, the country has seen a sharp increase in the frequency and complexity of cyber incidents targeting both public and private sectors. A 2023 Interpol report highlighted the Middle East as a rising hotspot for ransomware and phishing campaigns, with the UAE named among the most targeted GCC nations. Why is Dubai particularly vulnerable? As a regional headquarters for global corporations and a thriving hub for fintech, healthcare, and logistics, the city holds high-value data that attracts both organized cybercriminals and opportunistic threat actors. What would happen if a critical system went down? Or if sensitive customer data was exposed? For many businesses, the financial and reputational damage could be irreversible. In this article, we'll explore the role cyber insurance plays in protecting Dubai-based businesses from these rising digital threats. From what it covers to how much it costs, and which providers are leading the market, everything you read here is based on official sources and verified information. What Is Cyber Insurance? Cyber insurance is a specialized form of business coverage designed to protect companies from financial losses caused by cyber incidents, such as hacking, ransomware attacks, data breaches, or system failures. It helps organizations recover from disruptions, manage liabilities, and maintain operational continuity during and after a digital threat. Most policies are divided into two main types of protection: first-party and third-party coverage. First-Party Coverage: Protecting Your Own Business When your systems go down or sensitive data is compromised, first-party coverage helps cover the direct losses your business faces. This typically includes: Business interruption costs caused by system downtime. Data recovery and restoration, including forensic investigation to identify and resolve the breach. Legal and regulatory notification expenses, such as notifying affected customers and managing compliance requirements. First-party coverage may also include compensation for revenue losses and administrative fines if the breach occurred due to internal failures in data protection. Third-Party Coverage: Managing External Liabilities If a breach affects your clients, partners, or any third party, this coverage handles claims made against your business. It often includes: Liability for financial losses that others may suffer as a result of the incident. Legal defense costs in case of lawsuits or investigations. Regulatory fines or penalties related to data protection violations. What Does Cyber Insurance Cover? Cyber insurance typically includes the following key areas of coverage that help businesses respond to and recover from digital threats: 1. Incident Response and Forensics Cyber insurance usually provides access to a dedicated team of cybersecurity experts who respond immediately after a breach. This includes digital forensics to understand how the attack happened, containing the threat, and guiding your team through the first critical hours. 2. Legal Expenses and Regulatory Fines If a cyber incident triggers legal issues or regulatory investigations, the policy covers legal advice, defense costs, and penalties. This is particularly important for businesses in the UAE, where data protection regulations are increasingly strict and enforcement is becoming more proactive. 3. Customer Notification and Credit Monitoring If customer data is compromised, insurers will cover the cost of notifying affected individuals. Many policies also include credit monitoring or identity protection services to help rebuild customer trust and meet compliance requirements. 4. Public Relations and Reputation Management To help manage public perception after an attack, cyber insurance often includes access to PR consultants who handle media communication and reputation recovery. This support can be crucial when trying to reassure customers, partners, and investors. 5. Business Interruption and Extra Expenses If your operations are disrupted due to a cyber event, the policy can compensate for lost income and additional expenses incurred during recovery. This might include emergency IT support, renting temporary infrastructure, or even relocating operations briefly. 6. Cyber Extortion and Ransomware Coverage typically includes ransom payments, expert negotiation support, and the technical services needed to restore systems after an attack. With ransomware becoming more common in the region, this has become a key part of most cyber insurance policies. 7. Data Restoration In case of data loss, deletion, or corruption, cyber insurance helps cover the cost of restoring systems, software, and databases. This ensures that your business can get back to normal operations as quickly and smoothly as possible. Why It's Important for Dubai Businesses Cyber threats in the UAE have increased significantly in recent years. Businesses in Dubai are particularly exposed due to their reliance on digital platforms, cloud systems, and financial technologies. As phishing, ransomware, and malware attacks grow more sophisticated, having cyber insurance in place becomes a critical safety net. It ensures that a single breach does not disrupt business continuity or lead to long-term damage. One of the biggest reasons businesses invest in cyber insurance is for financial protection. A serious cyberattack can lead to major expenses, including legal fees, data recovery, operational downtime, and even ransom payments. Without insurance, these costs fall entirely on the business. With insurance, however, you gain a financial buffer that can help absorb the impact and prevent sudden financial loss or insolvency. Regulatory compliance is another growing priority. The UAE has been strengthening its data protection laws, requiring businesses to report breaches, notify affected customers, and demonstrate preparedness. A good cyber insurance policy helps businesses meet these obligations by covering legal advice, documentation support, and regulatory penalties, especially under the UAE's Personal Data Protection Law (PDPL). Perhaps one of the most valuable aspects of cyber insurance is access to expert support. Most policies include 24/7 emergency response teams that guide businesses through the chaos of a breach. These teams often include incident responders, digital forensic analysts, legal consultants, and public relations experts who can step in immediately, minimize damage, and help the business recover efficiently. In short, cyber insurance is not just about compensation. It is about being equipped to respond, comply, and recover with confidence. Leading Cyber Insurers in Dubai / UAE QBE QBE offers a comprehensive policy called QCyberProtect, which includes cyber liability, media liability, data breach legal costs, business interruption coverage, and data restoration. The policy is available globally and is widely used by businesses in the UAE. They provide 24/7 crisis support through an expert panel that includes specialists in forensics, legal affairs, and public relations. Additional tools like a secure 'saferoom' help businesses activate response plans quickly when incidents occur. QBE also offers ongoing risk management support through its Cyber Risk Management Portal and provides discounts on preventative services, showing a commitment to both proactive and reactive protection. Why QBE is a top choice: Globally consistent coverage with specialized tools, strong support systems, and round-the-clock incident response. AIG (CyberEdge) AIG's CyberEdge policy includes protection for data loss, regulatory fines, cyber extortion, third-party liabilities, and business interruption. The policy also grants access to a comprehensive cyber resiliency program that offers services such as risk assessments, vulnerability scans, phishing simulations, Darknet monitoring, and ransomware preparedness, customized based on the level of coverage. AIG operates on a 'Claims First' model, providing immediate IT forensics and legal support, along with continuous advisory throughout the policy duration. Why AIG stands out: Strong focus on prevention, deep technical resources, and global expertise from claim initiation to resolution. Howden Howden focuses heavily on incident response. Their policies include expert-led containment and system restoration services, making them particularly appealing for businesses looking for hands-on support during and after an attack. Why Howden excels: A practical, specialist-driven approach to cyber recovery—ideal for businesses in the UAE seeking reliable and fast incident resolution. Arthur J. Gallagher (AJG) AJG offers tailored cyber insurance solutions that include 24/7 access to breach response teams. These teams are equipped to handle digital forensics, legal guidance, and public relations support. Their policies are designed to be highly customizable, adapting to the specific needs and operational risks of each business while ensuring immediate access to expert help when needed. Why AJG matters: Flexible, client-focused coverage with around-the-clock support, ideal for businesses needing personalized protection and fast intervention. UAE Cyber Insurance Cost Breakdown Business Type Coverage Scope Estimated Annual Premium (AED) Small Business (SME) Basic coverage for data breach, basic liability 1,800 – 3,700 Mid-sized Business Broader coverage including extortion, PR, BI 7,400 – 18,500 Large Enterprise / High Risk Sector Full coverage including compliance, restoration, large liability 37,000+ BI = Business Interruption What Affects the Cost of Cyber Insurance in the UAE? Premiums vary significantly based on the following factors: Business Size & Revenue : Larger organizations face more complex risks and pay higher premiums. : Larger organizations face more complex risks and pay higher premiums. Industry Sector : Companies in finance, healthcare, and e-commerce typically pay more due to regulatory and data sensitivity. : Companies in finance, healthcare, and e-commerce typically pay more due to regulatory and data sensitivity. Cybersecurity Measures : Businesses with strong protections—like firewalls, encryption, MFA, and employee training—are considered lower risk and may receive discounted premiums. : Businesses with strong protections—like firewalls, encryption, MFA, and employee training—are considered lower risk and may receive discounted premiums. Claims History : A business with no history of incidents or breaches is likely to receive more favorable rates. : A business with no history of incidents or breaches is likely to receive more favorable rates. Coverage Limits & Deductibles: Higher coverage amounts and lower deductibles increase premiums; balancing these appropriately helps control costs. Tips to Reduce Premiums Without Compromising Protection Invest in Cyber Hygiene : Implement basic controls like endpoint protection, backup systems, and staff awareness programs. Many insurers offer lower rates for businesses with strong internal protocols. : Implement basic controls like endpoint protection, backup systems, and staff awareness programs. Many insurers offer lower rates for businesses with strong internal protocols. Bundle with Other Insurance : Some UAE insurers allow cyber to be added to broader business insurance policies (e.g., SME packages), which can reduce costs. : Some UAE insurers allow cyber to be added to broader business insurance policies (e.g., SME packages), which can reduce costs. Choose the Right Deductible : Opting for a slightly higher deductible can reduce premium costs while still maintaining core protection. : Opting for a slightly higher deductible can reduce premium costs while still maintaining core protection. Work with Specialized Brokers: Brokers like PolicyBazaar UAE and can help assess your risk profile and connect you to insurers offering the best coverage-to-cost ratio. Emerging Risks and Policy Adaptation AI and Deepfake Risks AI-generated deepfakes—such as fabricated videos or voice recordings—are a growing threat, capable of tricking staff into approving fraudulent transactions or damaging reputations. Recent reports from Reuters highlight how insurers are introducing affirmative AI endorsements that specifically cover incidents involving deepfakes under cyber policies. These endorsements aim to clarify and extend coverage where traditional policies may fall short. War and State-Sponsored Attack Exclusions Many cyber insurance policies now include a 'war exclusion clause', which excludes coverage for "hostile or warlike actions" by state-backed actors. While these clauses have historically been narrow, insurers are extending them to include state-sponsored cyberattacks, even in peacetime. The evolving wording places extra emphasis on: Whether the attacker is a sovereign state Whether the attack qualifies as a warlike act Recent legal developments, such as the U.S. Merck case, have ruled that a war exclusion should not broadly apply to cyber incidents, especially if they lack direct military action. Nonetheless, it is now standard for policies to contain explicit exclusions related to state-sponsored cyber operations. Why This Matters for Dubai Businesses Deepfake protection : Without AI-specific endorsements, traditional cyber policies may not cover losses resulting from AI-based fraud, leaving organizations exposed to new forms of attack. : Without AI-specific endorsements, traditional cyber policies may not cover losses resulting from AI-based fraud, leaving organizations exposed to new forms of attack. State-supported cyber threats: As cyber warfare evolves, it's possible that major disruptions could result from nation-state actors. Businesses should scrutinize war exclusion language to ensure clarity about which attacks are covered. What UAE Companies Should Do Request AI endorsements in your policy to ensure incidents involving deepfakes or AI manipulation are explicitly covered. in your policy to ensure incidents involving deepfakes or AI manipulation are explicitly covered. Carefully review war exclusion clauses : Seek clear definitions regarding state-sponsored cyberattacks and explore add-ons or special endorsements that limit these exclusions. : Seek clear definitions regarding state-sponsored cyberattacks and explore add-ons or special endorsements that limit these exclusions. Consult with local brokers and insurers, as UAE policy language is adapting quickly to include or exclude these emerging risks. Ensuring alignment with your risk profile is now essential for complete protection. When choosing a cyber insurance policy in the UAE, it's critical to understand what is covered—and just as importantly, what isn't. Below are the essential elements that every Dubai-based business should evaluate before finalizing coverage: 1. First-party and Third-party Coverage A strong cyber insurance policy should protect both internal and external losses. First-party coverage addresses direct impacts on your business, such as data restoration, operational downtime, and recovery costs. Third-party coverage, on the other hand, protects you from liabilities related to customer claims, legal actions, and regulatory penalties. Both are essential to ensure your business is comprehensively protected from cyber risks. 2. Incident Response Services Time is critical during a cyber incident. Make sure your policy includes immediate access to expert-led response teams that handle forensic investigations, system containment, legal advice, and communication strategy. A fast and coordinated response can significantly reduce the impact of a breach. 3. Ransomware and Extortion Coverage With ransomware becoming one of the most common cyber threats, it's important that your policy explicitly covers ransom demands, negotiation support, and associated recovery costs. This is especially relevant given the rise in sophisticated double-extortion tactics where data is both encrypted and threatened with public release. 4. Regulatory Fine Coverage under UAE Data Laws UAE regulations, such as the Personal Data Protection Law (PDPL) impose strict obligations on breach reporting and consumer protection. Your insurance policy should include coverage for legal consultation, documentation support, and any regulatory fines that may be imposed in case of non-compliance. 5. Exclusions and War Clauses Some policies include clauses that exclude cyberattacks deemed to be state-sponsored or linked to geopolitical conflict. These "war exclusions" can limit your protection in cases of large-scale or coordinated cyber events. It is important to read these clauses carefully and explore endorsement options if your business is at risk of being targeted in such scenarios. Tip: Always review the fine print with your insurer or broker and tailor your policy to match the scale, structure, and exposure of your business. Gaps in coverage often come from unclear exclusions or assumptions about what's automatically included. In today's digital-first environment, cyber risks are no longer a distant threat. They are a daily reality for businesses in Dubai. Having the right cyber insurance policy in place helps protect against financial losses, supports regulatory compliance, and gives businesses access to expert guidance when it matters most. As threats evolve, so should your coverage. Reviewing your options carefully, understanding what's included, and choosing a provider with strong local support can make all the difference in managing risk and maintaining business continuity. Also read: Protect Your Ideas: Trademark Registration in Dubai Learn how to register a trademark in Dubai with this step-by-step 2025 guide. Understand eligibility, costs, legal benefits, and common mistakes to protect your brand effectively in the UAE. Copyright vs. Trademark vs. Patent: Breaking Down Intellectual Property Rights Let's break down the three big ones: copyright, trademark and patent, and figure out which one you need for what. Why Summer is the Best Time to Digitally Transform Your Business in Dubai Summer in Dubai offers the ideal time to upgrade systems, train teams, and prepare your business for a stronger, more efficient Q4.
Gulf Today
3 days ago
- Gulf Today
Free Wi-Fi isn't free, it may cost your personal data while travelling, UAE warns
The UAE Cyber Security Council (CSC) has urged internet users to exercise caution when using public Wi-Fi networks, especially while travelling, as these networks could put personal data at risk. He stressed that seemingly legitimate networks may actually be 'honeypots' set up by hackers to launch 'Man-in-the-Middle' attacks, intercepting connections, reading data and redirecting users to fake websites that may expose them to phishing. He further explained that unsecured Wi-Fi networks permit the infiltration of devices by malware and enable cybercriminals to eavesdrop on user activity and steal login credentials. The CSC strongly recommended the use of (VPN) when connecting to public Wi-Fi networks, as it offers protection through encryption and data security. It further stressed the need of digital intelligence, particularly in cafes, airports, and hotels, where public Wi-Fi networks are accessible but lack security measures. "A Virtual Private Network (VPN) is an optimal travel companion," CSC added. The necessity of taking time to read privacy policies before clicking the "Agree" selection is also stressed on by the CSC, with the assertion that ignoring these policies is tantamount to signing a blank cheque, which could result in the unauthorised sharing of personal information. The Council further indicated that the aforementioned policies may encompass provisions that permit access to sensitive data, including geographical location, browsing history, and on occasion, financial data. It was further noted that such applications encompass a number of uses, including the dissemination of information to third parties, the monitoring of individuals for the purpose of advertising, and the commercial exploitation of data. Additionally, this could lead to the receipt of targeted advertisements, deceptive phishing communications, or the loss of autonomy in the use of personal data. Privacy is of inestimable value, so individuals are strongly recommended to review the policy before clicking "Agree" and to ensure that they are vigilant, informed, and protected, the CSC added. The Council recommended a series of measures to enhance digital protection, including the following: a thorough examination of terms and conditions, with particular attention to warning signs such as excessive data collection; a modification of privacy settings to limit permissions and eliminate unnecessary tracking; the avoidance of logging in via social media and the use of email accounts instead; a thorough examination of the terms of free services prior to registration; and a regular review and deletion of stored data to ensure continued control.
TECHx
4 days ago
- TECHx
Ransomware on the Rise
Home » Emerging technologies » Cyber Security » Ransomware on the Rise Ransomware attacks in the Emirates are escalating, and while the region has cutting-edge digital infrastructure, it is now being tested by a wave of increasingly sophisticated cybercrime. According to the UAE Cybersecurity Council, ransomware incidents surged by 32% in 2024 compared to the previous year. Financial institutions, energy companies, and healthcare providers were among the most frequently targeted, as threat actors capitalized on the region's digital transformation. This isn't just a local concern. Globally, ransomware is evolving from blunt-force encryption to more insidious, double-extortion models, stealing sensitive data before locking systems, and threatening to release it publicly unless ransoms are paid. In the UAE, where government trust and corporate reputation are paramount, the stakes are exponentially higher. The Anatomy of a Threat The UAE's ransomware landscape is shaped by global crime syndicates that now operate like tech startups, professional, agile, and productized. Groups such as LockBit, Qilin, Flocker, and DarkVault are some of the main perpetrators operating in the region, according to These groups often use ransomware-as-a-service (RaaS) models to scale operations without getting their digital hands dirty. In 2024 alone, 34 ransomware incidents were recorded in UAE financial institutions, up from 27 in 2023, as highlighted by ZCyberSecurity's UAE Threat Report. The attackers used phishing emails, unpatched software, and increasingly social engineering tactics powered by AI. Notably, a ransomware attack on Moorfields Eye Hospital Dubai encrypted over 60 GB of sensitive patient data, placing immense pressure on healthcare regulators to reinforce digital defenses, as reported in CentralEyes' breach analysis. Why the UAE Is a Prime Target The UAE's hyper-digital economy is both a strength and a soft spot. With aggressive investment in smart cities, fintech, and AI-driven public services, the attack surface has expanded dramatically. The country's economic diversity and digital-first culture present a high-reward scenario for threat actors. Additionally, the UAE's reputation on the global innovation stage makes its digital vulnerabilities headline-worthy. Cybercriminals are keenly aware that breaches here have the potential to make international news, raising pressure on victims to pay ransoms quickly and quietly. To Pay or Not to Pay? A particularly troubling statistic comes from Nearly 50% of UAE-based organizations impacted by ransomware chose to pay the ransom in 2024. This is significantly higher than the global average and signals a dangerous precedent. Paying ransoms might offer a short-term solution, but experts warn that it invites repeat attacks and funds future criminal operations. Worse yet, ransom payments don't guarantee full data recovery, a reality many UAE businesses have painfully learned. Shifting from Reaction to Prevention Despite the spike in attacks, the UAE is not standing still. The government has deployed AI-powered defense systems capable of detecting and neutralizing up to 200,000 attacks per day on critical infrastructure. The UAE Cybersecurity Council has also intensified its public-private sector collaboration, including partnerships with GISEC, Dubai Police, and major cloud providers. Cybersecurity regulations have evolved as well, requiring mandatory breach reporting and encouraging the use of 'zero trust'. While large enterprises and government entities have fortified their defenses, SMEs remain vulnerable. Many lack dedicated cybersecurity teams or even basic security hygiene. This makes them low-hanging fruit for attackers using automated tools to scan for weaknesses. Moreover, despite rising awareness, cyber insurance uptake remains low, and many organizations are unclear on whether they're even covered in the event of a ransomware attack. With threat actors evolving faster than policies, regulatory bodies are now pushing for more transparency and minimum security standards across sectors.
