Four of five organisations in UAE faced at least one ‘cyber attack’ in 2019 – study

As many as 75 per cent respondents admitted that they train their employees on cybersecurity best practices twice a year or less



As many as 82 per cent organisations in the UAE faced at least one cyber attack in 2019, while 51 per cent reported multiple incidents, research by cyber security and compliance firm Proofpoint revealed.

Account compromise led cyber attack methods in the UAE in 2019, impacting 28 per cent of the companies surveyed, followed by credential phishing (20 per cent) and insider threats (17 per cent).

The survey, which polled 150 CSOs/CISOs from different industries in the UAE, revealed that almost one third of respondents (29 per cent) believed account compromise will continue to be the UAE’s biggest cyber threat over the next three years, followed by Distributed Denial of Service (DDoS) attacks (28 per cent) and phishing (19 per cent).

The research further revealed that financial loss (29 per cent) and data breaches (28 per cent) were the biggest outcomes for UAE organisations in 2019, followed by a decreased customer base (23 per cent).

Common security errors made by employees according to CSOs and CISOs in the UAE include poor password hygiene (29 per cent), mishandling sensitive information (25 per cent), falling for phishing attacks (24 per cent), and clicking on malicious links (20 per cent), the survey revealed.

Meanwhile,19 per cent cited criminal insider threats as a growing concern for businesses.

“A people-centric strategy is a must for organisations in the UAE, as cybercriminals increasingly target people rather than infrastructure, with the aim of stealing credentials, siphoning sensitive data, and fraudulently transferring funds,” said Emile Abou Saleh, regional director, Middle East and Africa at Proofpoint.

“With our research revealing that 39 per cent of UAE CSOs and CISOs believe their employees make their business vulnerable to cyber attacks, education and security awareness is a mission critical priority and could make the difference between an attempted cyber attack and a successful one. Along with technical solutions and controls, a comprehensive training program should sit at the heart of an organization’s cyber defense.”

Despite perennial threats, 75 per cent of respondents train their employees on cybersecurity best practices twice a year or less while 23 per cent of UAE-based organisations train their employees more than thrice a year.

Further, UAE-based firms believe cyber security will become more of a business priority moving forward, with 50 per cent reviewing their cybersecurity strategy twice a year or more and 69 per cent expecting their cybersecurity budget to rise by 11 per cent or more over the next two years.

Read: Watch: How to prepare for and respond to a cyber attack?

Also read: Is coronavirus the newest threat to cybersecurity in the GCC?