UAE emerges as prime target for cyberattacks amid rapid economic growth, Sophos reports

The UAE’s rapid economic expansion has positioned the country as a significant target for cybercriminals, according to Sophos, a global cybersecurity firm. Companies operating in the UAE are being urged to strengthen cybersecurity measures as the country’s growing “attack surface” presents new risks.

Joe Levy, CEO of Sophos, highlighted the unprecedented pace of development in the UAE and the wider Gulf region. "The rate of development and economic growth here in the UAE and the wider Gulf is virtually unmatched globally," Levy stated.

Recommended For You

Restaurant Review: Dinner by Heston Blumenthal is a time machine on a plate

Month-long school break in UAE: How families can make the most of winter holiday

Off-plan sales dominate Dubai’s residential market in Q3 amid record transaction volumes

Shah Rukh Khan makes history as first star with Dubai skyscraper named after him

UAE weather tomorrow: Temperatures to drop; cloudy day expected

 

A cyberattack surface refers to all potential entry points — digital, physical, and human that malicious actors could exploit. This includes hardware, software, networks, cloud systems, IoT devices, and human vulnerabilities through social engineering. UAE government data indicates that the country hosts approximately 223,800 digital assets, with 65% in Dubai and 13% in Abu Dhabi. Around 21% of cybersecurity incidents are reported to target banks and financial services.

Dr Mohamed Al Kuwaiti, head of the UAE Government Cybersecurity Council, noted that the country faces nearly 150,000 cyberattacks daily, with numbers rising above 300,000 during periods of instability. "Cyber attackers in the UAE primarily target the finance and energy sectors, as well as real estate, utilities, manufacturing, and construction. The Gulf’s rapid expansion and digital transformation projects make it an attractive target," he said.

Ransomware is a growing threat to UAE businesses. Sophos’ State of Ransomware 2025 report shows that nearly 50% of companies globally paid a ransom to recover data following a cyberattack, with the median payment in the UAE reaching approximately $1.33 million. The report identified exploited vulnerabilities as the leading cause of attacks, with 49% of ransomware victims unaware of the specific security gaps exploited by attackers.

To address cybersecurity challenges, the UAE is investing in education, apprenticeships, cyber ranges, and partnerships with universities. Sophos has also incorporated AI-driven workflows to enhance threat detection and incident response. "AI agents are used for threat hunting and case investigation, supporting human teams in managing security risks at scale," Levy said.

The UAE National Cybersecurity Strategy 2025–2031 emphasises zero-trust architectures and modern risk management principles. Sophos recommends that organisations implement proactive risk mitigation measures, including prevention, detection, incident response, and backup testing, to strengthen resilience against cyber threats.

Looking ahead, the combination of rapid growth, expanding attack surfaces, complex supply chains, and evolving AI capabilities for both attackers and defenders is expected to define the cybersecurity landscape in the Gulf in 2026.