Low-cost cyberattacks with devastating impact are reshaping enterprise security priorities, warn leading experts across the GCC and global cybersecurity landscape.
In 2024, the average cost of a data breach reached $4.88 million, according to global threat research. While boardrooms and CISOs scramble to secure budgets, bad actors are exploiting low-cost tools to penetrate enterprise networks for a fraction of that amount. Cybercriminals, some spending as little as $100, are causing multi-million-dollar losses through infostealers and access logs sold cheaply on the dark web.
Vakaris Noreika, a cybersecurity expert at NordStellar, has been sounding the alarm about the economics of cybercrime. “Cybercriminals can buy 16 gigabytes of personal information for just $1. These stealer logs—containing everything from passwords to credit card data—are sold via Telegram and dark web forums. The financial asymmetry is what makes this threat so dangerous.”
Infostealers are designed to discreetly infiltrate devices, harvesting data like login credentials, browser cookies, and sensitive documents. Once the data is compiled, it becomes a currency on underground marketplaces. Hackers target corporate domains found in these data dumps to execute precise, damaging attacks.
“If an employee’s credentials end up in a stealer log, hackers can identify the organization by the email domain, infiltrate the network, and extract more valuable assets,” Noreika explains. “Sometimes they escalate the attack with ransomware, demanding a payout to restore operations.”
“Cybersecurity isn’t an IT issue—it’s a boardroom concern. A breach doesn’t just cost money. It damages trust, disrupts lives, and undermines entire organizations.”
Utkarsh Sinha, CISO at Kalam Telecom in Bahrain, emphasizes the financial disparity between attackers and defenders. “The cost of a breach for an organization stems from a combination of factors: legal expenses, regulatory fines, reputational damage, and erosion of market capitalization. In contrast, attackers spend minimally, primarily due to poor data protection controls and lax security hygiene.”
AI has also heightened the stakes. “Data breaches are no longer just operational risks—they threaten strategic initiatives tied to AI and digital transformation,” says Varun Vij, Cybersecurity Manager at Keolis.MHI. “AI alone is projected to generate over 1,000 zettabytes of data by 2030. And most organizations are already struggling to secure the data they have.”
Vij warns that Chief Information Security Officers (CISOs) must realign their roles from being political or symbolic figures to pragmatic protectors of business value. “CISOs need deep pockets and even deeper influence. Aligning cybersecurity to business priorities isn’t just best practice—it’s survival.”
The Commoditization of Data: A Global Threat
“Nowadays, data is being sold like a commodity,” says Shailesh Mani, Group IT Head at DBMSC Steel. “Massive breaches at confidential data repositories have made personal information alarmingly accessible and cheap. The fact that 16 GB of such data can be purchased for just a dollar should terrify any enterprise.”
Mani calls for a coordinated framework involving governments, regulators, and private players. “The commoditization of sensitive data doesn’t just destabilize networks—it corrodes the trust infrastructure supporting global business. Without a strong cybersecurity framework, we are heading toward systemic failure.”
“When 16GB of personal data sells for $1 but the average breach costs $4.88 million, under-investment stops being a budget issue and becomes negligence.”
— Frederik Bisbjerg, Deputy CEO, eData Information
Cyber-Hygiene: A Basic Necessity
Despite the known risks, many organizations still underinvest in cybersecurity. “We talk endlessly about AI, yet most firms still spend more on coffee than on basic cyber-hygiene,” remarks Frederik Bisbjerg, Deputy CEO of eData Information. “When 16 GB of personal data sells for $1, but a breach costs $4.88 million, under-investment becomes negligence.”
Bisbjerg urges regulatory and insurance bodies to step in. “Insurers should tie cyber coverage to enforceable standards. Fund nationwide awareness campaigns. Reward organizations that adopt low-cost, high-impact tools like multi-factor authentication, encryption by default, and consistent patching.”
“The cost of a breach stems from legal fines, reputational loss, and market erosion. But the attackers’ cost is shockingly low.”
— Utkarsh Sinha, CISO, Kalaam Telecom Group
Zero Trust and AI-Driven Defense: What Works
Mohammed Nabeel Zubair, Senior Cybersecurity & Risk Compliance Engineer and AI-driven strategist at Makita Gulf FZE, advocates for a mindset shift in enterprise defense. “It’s tough to ignore a number like $4.88 million. But even tougher is realizing that attacks often begin with just $100. I’ve seen it firsthand—one unpatched system or misconfigured service is all it takes.”
“Cybercriminals can buy 16GB of data for a dollar—security today must account for this imbalance.”
His team in Dubai has embraced AI-driven defense and Zero Trust architecture. “It’s not about trends; it’s about what works. By deploying these principles, we’ve reduced our exposure to cyber threats by nearly 45%.”
Zubair also underscores the role of people. “The talent gap in cybersecurity isn’t just a hiring challenge—it’s a national risk. Over the years, I’ve mentored over 200 professionals. Building a culture of continuous defense starts with education, from interns to board members.”
He adds, “Cybersecurity isn’t just an IT issue. It’s a boardroom concern and a business survival strategy. If we don’t take it seriously, we’ll keep paying the price.”
“A hacker can spend just $100 and cause a breach that costs $4.88 million. The contrast is staggering.”
– Mario Foster, Group CIO, Al Ghurair Group
The Way Forward: Fundamentals and Vigilance
Mario Foster, Group CIO of Al Ghurair Group, sums it up succinctly: “It’s still surprising to see how a hacker can spend just $100 and cause a breach that costs $4.88M. This stark contrast shows how low-cost attacks can lead to huge consequences.”
Foster believes the answer lies in getting the basics right. “Ongoing employee training, tight access controls, and a robust incident response plan are not optional. Preventing these low-cost attacks is far more cost-effective than dealing with the aftermath.”
His advice? Treat cybersecurity as a fundamental part of digital strategy. “Proactive security measures are essential to protecting both data and operations.”
“AI is fueling a knowledge economy built on data. While enterprises still fumble with today’s risks, tomorrow’s are arriving faster than budgets.”
— Varun Vij, Cybersecurity Manager, Keolis.MHI
Conclusion:
The economics of cybercrime have changed, and defenders must adapt. Organizations can no longer afford to treat cybersecurity as an isolated IT issue or a compliance checkbox. With attackers investing $100 and causing millions in damages, the conversation must shift toward proactive investment, regulatory reform, and leadership accountability.
“Sensitive personal data is now being sold like a commodity—cheap, abundant, and dangerously exploitable.”
— Shailesh Mani, Group IT Head, DBMSC Steel
From Zero Trust models and AI automation to employee education and cross-sector collaboration, the message from cybersecurity leaders is clear: we know what works. Now it’s time to act on it—before the next low-cost breach becomes a high-cost catastrophe.
