Latest news with #UAECybersecurityCouncil
Hi Dubai
5 days ago
- Business
- Hi Dubai
The Importance of Cyber Insurance for Dubai Businesses
As Dubai continues its rapid digital expansion—embracing smart city infrastructure, AI-driven services, and cloud-based operations—the risk of cyberattacks is growing just as fast. But are businesses keeping pace with the threats? According to the UAE Cybersecurity Council, the country has seen a sharp increase in the frequency and complexity of cyber incidents targeting both public and private sectors. A 2023 Interpol report highlighted the Middle East as a rising hotspot for ransomware and phishing campaigns, with the UAE named among the most targeted GCC nations. Why is Dubai particularly vulnerable? As a regional headquarters for global corporations and a thriving hub for fintech, healthcare, and logistics, the city holds high-value data that attracts both organized cybercriminals and opportunistic threat actors. What would happen if a critical system went down? Or if sensitive customer data was exposed? For many businesses, the financial and reputational damage could be irreversible. In this article, we'll explore the role cyber insurance plays in protecting Dubai-based businesses from these rising digital threats. From what it covers to how much it costs, and which providers are leading the market, everything you read here is based on official sources and verified information. What Is Cyber Insurance? Cyber insurance is a specialized form of business coverage designed to protect companies from financial losses caused by cyber incidents, such as hacking, ransomware attacks, data breaches, or system failures. It helps organizations recover from disruptions, manage liabilities, and maintain operational continuity during and after a digital threat. Most policies are divided into two main types of protection: first-party and third-party coverage. First-Party Coverage: Protecting Your Own Business When your systems go down or sensitive data is compromised, first-party coverage helps cover the direct losses your business faces. This typically includes: Business interruption costs caused by system downtime. Data recovery and restoration, including forensic investigation to identify and resolve the breach. Legal and regulatory notification expenses, such as notifying affected customers and managing compliance requirements. First-party coverage may also include compensation for revenue losses and administrative fines if the breach occurred due to internal failures in data protection. Third-Party Coverage: Managing External Liabilities If a breach affects your clients, partners, or any third party, this coverage handles claims made against your business. It often includes: Liability for financial losses that others may suffer as a result of the incident. Legal defense costs in case of lawsuits or investigations. Regulatory fines or penalties related to data protection violations. What Does Cyber Insurance Cover? Cyber insurance typically includes the following key areas of coverage that help businesses respond to and recover from digital threats: 1. Incident Response and Forensics Cyber insurance usually provides access to a dedicated team of cybersecurity experts who respond immediately after a breach. This includes digital forensics to understand how the attack happened, containing the threat, and guiding your team through the first critical hours. 2. Legal Expenses and Regulatory Fines If a cyber incident triggers legal issues or regulatory investigations, the policy covers legal advice, defense costs, and penalties. This is particularly important for businesses in the UAE, where data protection regulations are increasingly strict and enforcement is becoming more proactive. 3. Customer Notification and Credit Monitoring If customer data is compromised, insurers will cover the cost of notifying affected individuals. Many policies also include credit monitoring or identity protection services to help rebuild customer trust and meet compliance requirements. 4. Public Relations and Reputation Management To help manage public perception after an attack, cyber insurance often includes access to PR consultants who handle media communication and reputation recovery. This support can be crucial when trying to reassure customers, partners, and investors. 5. Business Interruption and Extra Expenses If your operations are disrupted due to a cyber event, the policy can compensate for lost income and additional expenses incurred during recovery. This might include emergency IT support, renting temporary infrastructure, or even relocating operations briefly. 6. Cyber Extortion and Ransomware Coverage typically includes ransom payments, expert negotiation support, and the technical services needed to restore systems after an attack. With ransomware becoming more common in the region, this has become a key part of most cyber insurance policies. 7. Data Restoration In case of data loss, deletion, or corruption, cyber insurance helps cover the cost of restoring systems, software, and databases. This ensures that your business can get back to normal operations as quickly and smoothly as possible. Why It's Important for Dubai Businesses Cyber threats in the UAE have increased significantly in recent years. Businesses in Dubai are particularly exposed due to their reliance on digital platforms, cloud systems, and financial technologies. As phishing, ransomware, and malware attacks grow more sophisticated, having cyber insurance in place becomes a critical safety net. It ensures that a single breach does not disrupt business continuity or lead to long-term damage. One of the biggest reasons businesses invest in cyber insurance is for financial protection. A serious cyberattack can lead to major expenses, including legal fees, data recovery, operational downtime, and even ransom payments. Without insurance, these costs fall entirely on the business. With insurance, however, you gain a financial buffer that can help absorb the impact and prevent sudden financial loss or insolvency. Regulatory compliance is another growing priority. The UAE has been strengthening its data protection laws, requiring businesses to report breaches, notify affected customers, and demonstrate preparedness. A good cyber insurance policy helps businesses meet these obligations by covering legal advice, documentation support, and regulatory penalties, especially under the UAE's Personal Data Protection Law (PDPL). Perhaps one of the most valuable aspects of cyber insurance is access to expert support. Most policies include 24/7 emergency response teams that guide businesses through the chaos of a breach. These teams often include incident responders, digital forensic analysts, legal consultants, and public relations experts who can step in immediately, minimize damage, and help the business recover efficiently. In short, cyber insurance is not just about compensation. It is about being equipped to respond, comply, and recover with confidence. Leading Cyber Insurers in Dubai / UAE QBE QBE offers a comprehensive policy called QCyberProtect, which includes cyber liability, media liability, data breach legal costs, business interruption coverage, and data restoration. The policy is available globally and is widely used by businesses in the UAE. They provide 24/7 crisis support through an expert panel that includes specialists in forensics, legal affairs, and public relations. Additional tools like a secure 'saferoom' help businesses activate response plans quickly when incidents occur. QBE also offers ongoing risk management support through its Cyber Risk Management Portal and provides discounts on preventative services, showing a commitment to both proactive and reactive protection. Why QBE is a top choice: Globally consistent coverage with specialized tools, strong support systems, and round-the-clock incident response. AIG (CyberEdge) AIG's CyberEdge policy includes protection for data loss, regulatory fines, cyber extortion, third-party liabilities, and business interruption. The policy also grants access to a comprehensive cyber resiliency program that offers services such as risk assessments, vulnerability scans, phishing simulations, Darknet monitoring, and ransomware preparedness, customized based on the level of coverage. AIG operates on a 'Claims First' model, providing immediate IT forensics and legal support, along with continuous advisory throughout the policy duration. Why AIG stands out: Strong focus on prevention, deep technical resources, and global expertise from claim initiation to resolution. Howden Howden focuses heavily on incident response. Their policies include expert-led containment and system restoration services, making them particularly appealing for businesses looking for hands-on support during and after an attack. Why Howden excels: A practical, specialist-driven approach to cyber recovery—ideal for businesses in the UAE seeking reliable and fast incident resolution. Arthur J. Gallagher (AJG) AJG offers tailored cyber insurance solutions that include 24/7 access to breach response teams. These teams are equipped to handle digital forensics, legal guidance, and public relations support. Their policies are designed to be highly customizable, adapting to the specific needs and operational risks of each business while ensuring immediate access to expert help when needed. Why AJG matters: Flexible, client-focused coverage with around-the-clock support, ideal for businesses needing personalized protection and fast intervention. UAE Cyber Insurance Cost Breakdown Business Type Coverage Scope Estimated Annual Premium (AED) Small Business (SME) Basic coverage for data breach, basic liability 1,800 – 3,700 Mid-sized Business Broader coverage including extortion, PR, BI 7,400 – 18,500 Large Enterprise / High Risk Sector Full coverage including compliance, restoration, large liability 37,000+ BI = Business Interruption What Affects the Cost of Cyber Insurance in the UAE? Premiums vary significantly based on the following factors: Business Size & Revenue : Larger organizations face more complex risks and pay higher premiums. : Larger organizations face more complex risks and pay higher premiums. Industry Sector : Companies in finance, healthcare, and e-commerce typically pay more due to regulatory and data sensitivity. : Companies in finance, healthcare, and e-commerce typically pay more due to regulatory and data sensitivity. Cybersecurity Measures : Businesses with strong protections—like firewalls, encryption, MFA, and employee training—are considered lower risk and may receive discounted premiums. : Businesses with strong protections—like firewalls, encryption, MFA, and employee training—are considered lower risk and may receive discounted premiums. Claims History : A business with no history of incidents or breaches is likely to receive more favorable rates. : A business with no history of incidents or breaches is likely to receive more favorable rates. Coverage Limits & Deductibles: Higher coverage amounts and lower deductibles increase premiums; balancing these appropriately helps control costs. Tips to Reduce Premiums Without Compromising Protection Invest in Cyber Hygiene : Implement basic controls like endpoint protection, backup systems, and staff awareness programs. Many insurers offer lower rates for businesses with strong internal protocols. : Implement basic controls like endpoint protection, backup systems, and staff awareness programs. Many insurers offer lower rates for businesses with strong internal protocols. Bundle with Other Insurance : Some UAE insurers allow cyber to be added to broader business insurance policies (e.g., SME packages), which can reduce costs. : Some UAE insurers allow cyber to be added to broader business insurance policies (e.g., SME packages), which can reduce costs. Choose the Right Deductible : Opting for a slightly higher deductible can reduce premium costs while still maintaining core protection. : Opting for a slightly higher deductible can reduce premium costs while still maintaining core protection. Work with Specialized Brokers: Brokers like PolicyBazaar UAE and can help assess your risk profile and connect you to insurers offering the best coverage-to-cost ratio. Emerging Risks and Policy Adaptation AI and Deepfake Risks AI-generated deepfakes—such as fabricated videos or voice recordings—are a growing threat, capable of tricking staff into approving fraudulent transactions or damaging reputations. Recent reports from Reuters highlight how insurers are introducing affirmative AI endorsements that specifically cover incidents involving deepfakes under cyber policies. These endorsements aim to clarify and extend coverage where traditional policies may fall short. War and State-Sponsored Attack Exclusions Many cyber insurance policies now include a 'war exclusion clause', which excludes coverage for "hostile or warlike actions" by state-backed actors. While these clauses have historically been narrow, insurers are extending them to include state-sponsored cyberattacks, even in peacetime. The evolving wording places extra emphasis on: Whether the attacker is a sovereign state Whether the attack qualifies as a warlike act Recent legal developments, such as the U.S. Merck case, have ruled that a war exclusion should not broadly apply to cyber incidents, especially if they lack direct military action. Nonetheless, it is now standard for policies to contain explicit exclusions related to state-sponsored cyber operations. Why This Matters for Dubai Businesses Deepfake protection : Without AI-specific endorsements, traditional cyber policies may not cover losses resulting from AI-based fraud, leaving organizations exposed to new forms of attack. : Without AI-specific endorsements, traditional cyber policies may not cover losses resulting from AI-based fraud, leaving organizations exposed to new forms of attack. State-supported cyber threats: As cyber warfare evolves, it's possible that major disruptions could result from nation-state actors. Businesses should scrutinize war exclusion language to ensure clarity about which attacks are covered. What UAE Companies Should Do Request AI endorsements in your policy to ensure incidents involving deepfakes or AI manipulation are explicitly covered. in your policy to ensure incidents involving deepfakes or AI manipulation are explicitly covered. Carefully review war exclusion clauses : Seek clear definitions regarding state-sponsored cyberattacks and explore add-ons or special endorsements that limit these exclusions. : Seek clear definitions regarding state-sponsored cyberattacks and explore add-ons or special endorsements that limit these exclusions. Consult with local brokers and insurers, as UAE policy language is adapting quickly to include or exclude these emerging risks. Ensuring alignment with your risk profile is now essential for complete protection. When choosing a cyber insurance policy in the UAE, it's critical to understand what is covered—and just as importantly, what isn't. Below are the essential elements that every Dubai-based business should evaluate before finalizing coverage: 1. First-party and Third-party Coverage A strong cyber insurance policy should protect both internal and external losses. First-party coverage addresses direct impacts on your business, such as data restoration, operational downtime, and recovery costs. Third-party coverage, on the other hand, protects you from liabilities related to customer claims, legal actions, and regulatory penalties. Both are essential to ensure your business is comprehensively protected from cyber risks. 2. Incident Response Services Time is critical during a cyber incident. Make sure your policy includes immediate access to expert-led response teams that handle forensic investigations, system containment, legal advice, and communication strategy. A fast and coordinated response can significantly reduce the impact of a breach. 3. Ransomware and Extortion Coverage With ransomware becoming one of the most common cyber threats, it's important that your policy explicitly covers ransom demands, negotiation support, and associated recovery costs. This is especially relevant given the rise in sophisticated double-extortion tactics where data is both encrypted and threatened with public release. 4. Regulatory Fine Coverage under UAE Data Laws UAE regulations, such as the Personal Data Protection Law (PDPL) impose strict obligations on breach reporting and consumer protection. Your insurance policy should include coverage for legal consultation, documentation support, and any regulatory fines that may be imposed in case of non-compliance. 5. Exclusions and War Clauses Some policies include clauses that exclude cyberattacks deemed to be state-sponsored or linked to geopolitical conflict. These "war exclusions" can limit your protection in cases of large-scale or coordinated cyber events. It is important to read these clauses carefully and explore endorsement options if your business is at risk of being targeted in such scenarios. Tip: Always review the fine print with your insurer or broker and tailor your policy to match the scale, structure, and exposure of your business. Gaps in coverage often come from unclear exclusions or assumptions about what's automatically included. In today's digital-first environment, cyber risks are no longer a distant threat. They are a daily reality for businesses in Dubai. Having the right cyber insurance policy in place helps protect against financial losses, supports regulatory compliance, and gives businesses access to expert guidance when it matters most. As threats evolve, so should your coverage. Reviewing your options carefully, understanding what's included, and choosing a provider with strong local support can make all the difference in managing risk and maintaining business continuity. Also read: Protect Your Ideas: Trademark Registration in Dubai Learn how to register a trademark in Dubai with this step-by-step 2025 guide. Understand eligibility, costs, legal benefits, and common mistakes to protect your brand effectively in the UAE. Copyright vs. Trademark vs. Patent: Breaking Down Intellectual Property Rights Let's break down the three big ones: copyright, trademark and patent, and figure out which one you need for what. Why Summer is the Best Time to Digitally Transform Your Business in Dubai Summer in Dubai offers the ideal time to upgrade systems, train teams, and prepare your business for a stronger, more efficient Q4.
TECHx
12-07-2025
- Business
- TECHx
Ransomware on the Rise
Home » Emerging technologies » Cyber Security » Ransomware on the Rise Ransomware attacks in the Emirates are escalating, and while the region has cutting-edge digital infrastructure, it is now being tested by a wave of increasingly sophisticated cybercrime. According to the UAE Cybersecurity Council, ransomware incidents surged by 32% in 2024 compared to the previous year. Financial institutions, energy companies, and healthcare providers were among the most frequently targeted, as threat actors capitalized on the region's digital transformation. This isn't just a local concern. Globally, ransomware is evolving from blunt-force encryption to more insidious, double-extortion models, stealing sensitive data before locking systems, and threatening to release it publicly unless ransoms are paid. In the UAE, where government trust and corporate reputation are paramount, the stakes are exponentially higher. The Anatomy of a Threat The UAE's ransomware landscape is shaped by global crime syndicates that now operate like tech startups, professional, agile, and productized. Groups such as LockBit, Qilin, Flocker, and DarkVault are some of the main perpetrators operating in the region, according to These groups often use ransomware-as-a-service (RaaS) models to scale operations without getting their digital hands dirty. In 2024 alone, 34 ransomware incidents were recorded in UAE financial institutions, up from 27 in 2023, as highlighted by ZCyberSecurity's UAE Threat Report. The attackers used phishing emails, unpatched software, and increasingly social engineering tactics powered by AI. Notably, a ransomware attack on Moorfields Eye Hospital Dubai encrypted over 60 GB of sensitive patient data, placing immense pressure on healthcare regulators to reinforce digital defenses, as reported in CentralEyes' breach analysis. Why the UAE Is a Prime Target The UAE's hyper-digital economy is both a strength and a soft spot. With aggressive investment in smart cities, fintech, and AI-driven public services, the attack surface has expanded dramatically. The country's economic diversity and digital-first culture present a high-reward scenario for threat actors. Additionally, the UAE's reputation on the global innovation stage makes its digital vulnerabilities headline-worthy. Cybercriminals are keenly aware that breaches here have the potential to make international news, raising pressure on victims to pay ransoms quickly and quietly. To Pay or Not to Pay? A particularly troubling statistic comes from Nearly 50% of UAE-based organizations impacted by ransomware chose to pay the ransom in 2024. This is significantly higher than the global average and signals a dangerous precedent. Paying ransoms might offer a short-term solution, but experts warn that it invites repeat attacks and funds future criminal operations. Worse yet, ransom payments don't guarantee full data recovery, a reality many UAE businesses have painfully learned. Shifting from Reaction to Prevention Despite the spike in attacks, the UAE is not standing still. The government has deployed AI-powered defense systems capable of detecting and neutralizing up to 200,000 attacks per day on critical infrastructure. The UAE Cybersecurity Council has also intensified its public-private sector collaboration, including partnerships with GISEC, Dubai Police, and major cloud providers. Cybersecurity regulations have evolved as well, requiring mandatory breach reporting and encouraging the use of 'zero trust'. While large enterprises and government entities have fortified their defenses, SMEs remain vulnerable. Many lack dedicated cybersecurity teams or even basic security hygiene. This makes them low-hanging fruit for attackers using automated tools to scan for weaknesses. Moreover, despite rising awareness, cyber insurance uptake remains low, and many organizations are unclear on whether they're even covered in the event of a ransomware attack. With threat actors evolving faster than policies, regulatory bodies are now pushing for more transparency and minimum security standards across sectors.
TECHx
02-07-2025
- Business
- TECHx
Sheikh Mansour Reviews UAE Cybersecurity Council Plans
Home » Latest news » Sheikh Mansour Reviews UAE Cybersecurity Council Plans His Highness Sheikh Mansour bin Zayed Al Nahyan, Vice President, Deputy Prime Minister, and Chairman of the Presidential Court, reviewed the latest efforts of the UAE Cybersecurity Council. During a visit to the Council's headquarters, Sheikh Mansour was briefed on the progress of the National Cybersecurity Strategy. The strategy is built on five key pillars: governance, protection, innovation, establishing and building, and partnership. Officials reported that the strategy focuses on leveraging advanced technologies to raise cybersecurity awareness. It also aims to develop legal frameworks and build national talent to create a globally competitive workforce. The Council also revealed plans to: Strengthen public-private partnerships for integrated cybersecurity solutions Expand international cooperation to counter cross-border cyber threats Sheikh Mansour emphasized that cybersecurity is vital to economic and social stability, especially in today's rapidly evolving digital landscape. He added that the UAE is committed to adopting global best practices and enhancing cooperation frameworks to ensure a secure digital environment. The UAE's cybersecurity efforts are closely aligned with its sustainable development goals. These initiatives also aim to boost investor confidence and reinforce global partnerships. Sheikh Mansour praised the UAE Cybersecurity Council's role in protecting digital infrastructure. He highlighted that these efforts helped the UAE earn a top-tier global ranking in the Global Cybersecurity Index issued by the International Telecommunication Union (ITU). He also stressed the importance of the recently launched development and investment initiatives, which support the growth of artificial intelligence. These initiatives align with the implementation of the National Cybersecurity Strategy and the development of secure digital infrastructure such as the National Security Operations Centre (NSOC). Sheikh Mansour stated that protecting digital investments is key to building a sustainable, innovation-driven economy. Dr. Mohamed Al Kuwaiti, Chairman of the UAE Cybersecurity Council, highlighted the critical role of digital systems like the NSOC in defending the nation's digital infrastructure. He noted that these systems help protect the national economy from rising cyber threats. Dr. Al Kuwaiti reported that the UAE's cybersecurity approach enables proactive and rapid responses. He said the country's focus goes beyond infrastructure protection, aiming to empower society and the economy in a secure digital environment. He added that the strategy supports the broader national vision to use advanced technologies to serve communities and improve quality of life. The UAE aims to be a global model for digital security and innovation. Dr. Al Kuwaiti described the National Cybersecurity Strategy as a milestone in unifying all stakeholders to protect digital transformation. He said the strategy reflects the UAE's strong commitment to embracing digital opportunities while managing associated risks. He further stressed the value of international standards and national insights in reinforcing the UAE's status as a leading global digital hub. Dr. Al Kuwaiti concluded by noting that these efforts have secured the UAE's top position in the 2024 Global Cybersecurity Index.
Khaleej Times
02-07-2025
- Business
- Khaleej Times
UAE's GCAA no longer provides drone services; applicants must register in official website
The UAE's General Civil Aviation Authority (GCAA) has announced that it no longer provides drone services in the country. Instead, it asked applicants to apply through an official website for drones. 'Drone services are no longer available through GCAA. You can apply for drone services via the regulator said in a statement on its website, adding that applicants will have to submit their request through the designated platform. The website displays logos of the UAE Cybersecurity Council and GCAA, meaning it is jointly run by the two entities. Through this platform, UAE residents can register as a pilot, get access to real-time situational awareness to create effective missions for drone operations, receive immediate approvals for missions in controlled airspace, get live updates of airspace to fly drones safely, and get detailed reports of drone flights. In May 2025, the UAE Cybersecurity Council announced th e first national guidelines for drones due to their increasing use in various sectors such as agriculture, environmental monitoring, and logistics. It said it was imperative to establish the necessary operational signals to proactively address potential cyber threats to protect airspace, infrastructure, and data integrity. In 2022, the UAE banned the use of drones and light sports aircraft for 'owners, practitioners and enthusiasts' after instances of misuse. However, on January 7, 2025, individuals in the UAE were allowed to use drones after the Ministry of Interior announced the partial lifting of the ban. The authority, along with the General Civil Aviation Authority (GCAA), noted that the use of drones would be subject to specific safety conditions aimed at protecting both the community and the airspace. GCAA said in a press conference in January that drone operators in the UAE would have to abide by the requirements and regulations of the federal government as well as the emirate they're operating in. The website has also listed three companies: Emirates Falcon Aeroclub in Al Ain, Melaaha Drones in Fujairah and Versa Aerospace in Abu Dhabi for training purposes. The platform provides links to register, for those operating drones for recreational purposes, and for commercial and government entities. It also lists a manual which has the complete guidelines for operating drones in the country. The manual provides do's and don'ts in terms of times, airspace, areas to operate drones, guidelines to register, set up an account, and flight requests among others.
Channel Post MEA
23-06-2025
- Business
- Channel Post MEA
Cohesity: UAE Workforce Ahead Of Its EMEA Peers In Cyber Confidence And Readiness
Cohesity has released the findings of a new study examining employee preparedness in the face of cyber threats. The research shows that the UAE workforce is ahead of its EMEA peers across several indicators of cyber-readiness, underscoring the country's progress toward its national vision for digital resilience and AI-enabled defence. Conducted among full-time office workers in the UAE, United Kingdom, France, and Germany, the study assessed how confident employees feel in identifying and responding to cyberattacks. Among the standout results, 86 percent of UAE employees expressed confidence in recognising a cyber threat—compared to 81 percent in the UK, 80 percent in Germany, and just 62 percent in France. Nearly nine in ten (89%) UAE respondents also said they trust their organisation's ability to prevent and recover from attacks. Beyond awareness, the study reveals encouraging signs of action-oriented behaviour. Two-thirds of UAE employees say they would report suspicious activity to their cybersecurity team, showing an apt response, in comparison to respondents from the UK (61%), Germany (53%), and France (48%). Amongst other UAE employees, over half would notify their IT department. This instinct to act is supported by ongoing education: 66 percent have received some form of cybersecurity training in the past year. However, the research also highlights areas where further progress is needed. A small but notable group of employees say they would either attempt to resolve a threat on their own (15%) or turn to personal contacts first (19%), indicating a gap in internal reporting clarity, and a potentially risk to the entire organisation that mis-understanding of how important it is that reporting through the correct processes is critical to the quickest resolution of any potential risk of cyber attack . Among those hesitant to report incidents correctly, the leading reasons include fear of blame or confusion (46%), a belief that it isn't their responsibility (27%), and worry about overreacting (14%). Johnny Karam, Managing Director and Vice President, International Emerging Region at Cohesity, commented: 'The findings reflect the UAE's clear leadership in cybersecurity readiness across the EMEA region. With initiatives driven by the UAE Cybersecurity Council and a strong national focus on AI and digital transformation, it's no surprise that employee awareness is rising in step with enterprise investment.' 'What stands out is not just awareness, but the willingness to act. The next step is closing the gap—equipping employees with the tools, clarity, and – perhaps most importantly – confidence to respond without hesitation. If we educate all employees of the serious risks to the organisation of not correctly reporting any potential cyber risks they see, encouraging a mentality that they will not get in trouble for doing so, and highlighting their individual capability to maximise the speed of response all UAE organisations can be more resilient. At Cohesity, we believe true cyber resilience is built on both technology and a culture of empowered people,' Johnny continued. Workforce Preparedness in Step with UAE's Cyber Vision The UAE's continued investment in cybersecurity infrastructure, most recently through advanced threat detection systems activated under the direction of the UAE Cybersecurity Council, demonstrates a firm national commitment to securing the digital landscape. The study shows that employees are already aligning with this vision: Two-thirds of the respondents have undergone cybersecurity training, with 39 percent participating in multiple sessions in the past year. Over half (51%) would report a suspicious incident to IT, while 67% would notify a cybersecurity team, demonstrating a willingness to escalate issues through formal channels. 77 percent are familiar with the term 'ransomware', showing widespread awareness of key threat types. Awareness of cyber threats is on the rise in the UAE, with 77% of employees familiar with the term 'ransomware'. This strong baseline offers an ideal foundation to build upon. By expanding education beyond surface-level awareness to include real-world examples and practical training, companies can empower their teams with the confidence and clarity needed to respond effectively. Bridging the Gap Between Awareness and Action While confidence in reporting and escalating potential ransomware threats within the organisation is high, the study reveals opportunities to further strengthen internal reporting behaviour. Around 15% say they would attempt to resolve a threat themselves, and 19% would first alert their personal contacts, These responses highlight a proactive mindset, which organisations can harness by further strengthening internal reporting protocols and promoting awareness of the appropriate escalation paths. Among the smaller group of employees who expressed hesitation in reporting a potential incident, the most common reasons included: UAE employees showed a strong sense of fear of blame or not understanding the issue (46%), while EMEA employees had a more neutral perspective (UK – 26%, Germany – 20%, and France – 15%). 27 percent of the UAE respondents believed it wasn't their responsibility, showing a much bigger gap to appreciating their role in their organisations cyber safety as compared to their EMEA counterparts (UK -10%, Germany – 12%, and France 19%). 14 percent UAE employees feared overreacting, in-tune with 18 percent of German respondents 15 percent from the UK and 11 percent of French respondents showing similar sentiment. These insights present a valuable opportunity to reinforce a culture of psychological safety, where reporting is easy, supported, and encouraged. By removing the fear of repercussions and clearly defining roles, organisations can build employee confidence and ensure every individual knows how to respond swiftly and correctly. The UAE Advantage: A Workforce Ready to Respond With the UAE government actively advancing national cybersecurity capabilities and frameworks, the country is uniquely positioned to lead by example. Employees are ready and willing: confidence is high, training is widespread, and the instinct to act is evident. To fully unlock this potential, organisations must ensure that every employee, from the frontline to the C-suite, knows their role in safeguarding the business. Mark Molyneux, CTO, EMEA at Cohesity, added: 'These findings confirm what we're seeing across the region: employees are increasingly aware of cyber risks and are willing to step up, which is largely due to the UAE Cyber Security Council's approach to increasing security awareness across the Emirates. But this awareness must be matched with action. The future of cybersecurity will be defined by how quickly organisations can enable secure, informed decisions at every level. That means embedding cyber resilience into daily operations, investing in smart automation, closing the gap between detection and response, and instilling a culture that supports employees in raising concerns early in a safe space. In fast-moving threat environments, AI-powered data security is not a luxury, it's an operational necessity.' Methodology The research was carried out by OnePoll between 28 May – 2 June 2025. The survey captured responses from 500 full-time office workers in the UAE to understand employee beliefs, behaviours, and preparedness about ransomware and other cyber threats. OnePoll is a certified member of the Market Research Society (MRS), adheres to its Code of Conduct, and complies with ESOMAR 37 guidelines for online research. The organisation is also a member of the British Polling Council and Cyber Essentials Plus certified for meeting rigorous cybersecurity standards.
