Skip to main content

49% of organisations in UAE experience ransomware attacks last year

Chester Wisniewski, principal research scientist at Sophos
(Image credit: Sophos)

Ransomware attacks remain a very real threat for organisations and about 49% of the organisations in the UAE experienced it last year compared to 51% globally.

According to cybersecurity solutions provider Sophos’ global survey, The State of Ransomware 2020, the average cost of addressing the impact of such an attack, including business downtime, lost orders, operational costs, and more, but not including the ransom, was more than $730,000 while the average cost rose to $1.4 million, almost twice as much, when organisations paid the ransom.

The average ransomware remediation cost in the UAE is about $696,305 while Sweden and Japan report considerably higher costs than all other countries.

The survey also revealed that 19% of the organisations that were attacked in the UAE admitted to paying the ransom while more than one quarter (27%) of organisations hit by ransomware globally admitted paying the ransom.

The survey polled 5,000 IT decision-makers in organizations in 26 countries across six continents, including Europe, the Americas, Asia-Pacific and central Asia, the Middle East, and Africa. 

India tops the list with 82% of organisations reporting being hit by ransomware in the last year, followed by Brazil with 65%, Turkey with 63%, Belgium and Sweden with 60%.

The UAE is ranked 14th on the global list. 

The Philippines, Poland and South Africa reported the lowest levels of cyberattacks as they have lower GDP than many of the other countries which may be why they receive less focus from the cybercriminals.

Globally, data was encrypted in nearly three quarters (73%) of attacks that successfully breached an organisation, while in the UAE, it was 78%. 

Chester Wisniewski, principal research scientist at Sophos, said that organisations may feel intense pressure to pay the ransom to avoid damaging downtime. 

Moreover, he said that paying the ransom appears to be an effective way of getting data restored, but this is illusory. 

Sophos’ findings show that paying the ransom makes little difference to the recovery burden in terms of time and cost. 

“This could be because it is unlikely that a single magical decryption key is all that’s needed to recover. Often, the attackers may share several keys and using them to restore data may be a complex and time-consuming affair,” he said.

Effective backup system is critical

The survey showed that more than half (56%) the IT managers surveyed were able to recover their data from backups without paying the ransom compared to 66% in the UAE while a very small minority of cases (1%), paying the ransom did not lead to the recovery of data. 

This figure rose to 5% for public sector organisations. In fact, 13% of the public sector organisations surveyed never managed to restore their encrypted data, compared to 6% overall. 

However, contrary to popular belief, the public sector was least affected by ransomware, with just 45% of the organisations surveyed in this category saying they were hit by a significant attack in the previous year. At a global level, media, leisure and entertainment businesses in the private sector were most affected by ransomware, with 60% of respondents reporting attacks.

 “An effective backup system that enables organisations to restore encrypted data without paying the attackers is business critical, but there are other important elements to consider if a company is to be truly resilient to ransomware,” Wisniewski said. 


  • Start with the assumption that you will be hit. Ransomware it doesn’t discriminate: every organisation is a target, regardless of size, sector, or geography. Plan your cybersecurity strategy based on the assumption that you will get hit by an attack. 
  • Invest in anti-ransomware technology to stop unauthorised encryption.  
  • Protect data wherever it’s held. Your strategy should include protecting data in the public cloud, private cloud, and on-premises. 
  • Make regular backups and store offsite and offline. Using backups to restore your data considerably lowers the costs of dealing with the attack compared with paying the ransom. 
  • Ensure your cyber insurance covers ransomware. Make sure that you’re fully covered if the worst does happen. 
  • Ensure your cyber insurance covers ransomware. Make sure that you’re fully covered if the worst does happen.