Exploited vulnerabilities and lack of cyber resources remain key enablers of ransomware in the UAE
Nearly 43% of UAE organizations impacted by ransomware attacks opted to pay the ransom, despite growing global awareness and negotiation efforts to minimize payment. This finding is part of Sophos’ newly released State of Ransomware 2025 report, based on a global survey of 3,400 IT and cybersecurity leaders across 17 countries.
The report reveals a median ransom payment of $1.33 million in the UAE, while highlighting a significant shift in strategy: 30% of UAE firms negotiated down the attacker’s initial demand, reflecting a maturing incident response capability. Globally, ransom payments dropped 50% over the past year, signaling better preparedness and negotiation support.
Still, ransomware remains a persistent and evolving threat in the UAE, where 55% of attacks resulted in data encryption, and in 43% of those cases, the data was also stolen—a notably higher rate than the global average of 28%.
“For many businesses, getting hit by ransomware is no longer a question of ‘if’—it’s ‘when.’ But what makes the difference is how prepared you are to respond, recover, and avoid paying attackers,” said Chester Wisniewski, Director, Field CISO, Sophos.
Vulnerabilities remain the Achilles’ heel, with 42% of UAE ransomware incidents caused by unpatched flaws. Meanwhile, 49% of local victims admitted the attackers exploited unknown gaps in their environment. A shortage of resources was also cited, with 54% of UAE firms blaming inadequate staffing or skills for their vulnerability to attacks.
Beyond the financial toll, the human cost is also mounting:
- 42% of IT teams reported increased anxiety about future attacks
- 40% experienced pressure from senior leadership
- 18% reported team absenteeism due to mental health concerns
Despite the challenges, recovery efforts were encouraging: 98% of UAE organizations recovered their data, with 68% relying on backups and 43% paying ransoms. Impressively, 63% fully recovered within a week, surpassing the global average of 53%.
“While ransom payments grab headlines, the real story lies in resilience,” said Wisniewski. “Organizations are increasingly investing in Managed Detection and Response (MDR) and proactive strategies—from patching and vulnerability management to stress-tested backups—to harden their defenses.”
Sophos recommends that UAE companies eliminate common attack vectors, bolster endpoint security, implement round-the-clock monitoring, and build tested incident response plans to stay ahead of evolving ransomware threats.