Ransomware has become a primary threat to organisations worldwide, with Middle Eastern companies not spared from the devastating impact of ransomware attacks, according to the latest report by Mimecast.
Mimecast’s State of Ransomware Readiness 2 report revealed that 59 percent of cybersecurity leaders in the UAE have seen the number of cybersecurity attacks increase or stay the same over the past year, with 39 percent saying they’ve experienced significant downtime due to a ransomware attack.
According to Werno Gevers, cybersecurity expert at Mimecast, business and security leaders see ransomware attacks as virtually inevitable.
“Seventy-five percent of businesses in the UAE reported they experienced a ransomware attack in the past year, ahead of a global average of 64 percent. The consequences can be devastating: a third of UAE cybersecurity teams have experienced an increase in the number of absences due to burnout following an attack, while 23 percent have seen changes in the C-suite due to a successful ransomware attack.”
The report further found that 44 percent of UAE organisations have experienced a loss in revenue due to a ransomware attack in the past twelve months. This may partly explain why nearly half (46 percent) of cybersecurity professionals in the UAE are considering leaving their role in the next two years due to stress or burnout, with 73 percent of cybersecurity leaders in the region saying their role gets more stressful every year.
Gevers says the research also found that 94 percent of global cybersecurity leaders believe more budget is required to combat ransomware, with 24 percent of UAE organisations seeking an increase of 11 percent to 20 percent in their annual cybersecurity budgets.
“Cybersecurity leaders need to focus on proactively reducing the chances of a ransomware attack causing disruption. Organisations need integrated security tools to improve threat detection capabilities and relieve pressure on busy security teams. Good fundamental security practices must be in place to reduce vulnerabilities, and security teams need to evaluate crisis planning to understand the real consequences of an attack. It is also essential that leaders acknowledge that cyber risk is business risk, and not leave the financial and personnel resource burden to only IT teams.”
