More than 80 per cent of UAE organisations said they have the right staff to effectively manage a ransomware cyber attack, matching the global average, a global survey has found.
About 67 per cent of UAE respondents also said they have a plan in place to counter any potential ransomware attempt, compared with 72 per cent globally, Boston-based security firm Cybereason said in its annual ransomware study.
Ransomware is a malware that is designed to deny users or organisations access to their online data and files stored in computers or servers. All data is encrypted, and criminals demand payment for the decryption key.
As more businesses adopt hybrid work models and undergo rapid digital transformation to cope with Covid-19 challenges, they are also more exposed to cyber threats. This has resulted in an increase in budget allocations towards thwarting potential security breaches.
More than 85 per cent of UAE businesses surveyed said their security budget has increased in the past year to address ransomware, compared with 92 per cent globally.
“Ransomware attacks are traumatic events … and when ransomware gangs attack a second, third or fourth time in a matter of weeks, it can bring an organisation to its collective knees,” said Lior Div, chief executive and co-founder of Cybereason.
The report surveyed 1,456 cyber security professionals in the UAE, the US, the UK, Japan, Germany, France, Italy, South Africa and Singapore. Major industry verticals covered in the research included financial services, government, retail, manufacturing, health care and legal.
When asked what investments have been made based on ransomware concerns, 72 per cent of UAE organisations cited cyber insurance.
While 45 per cent have invested in employee awareness training, about 40 per cent have allocated capital towards hiring new cyber security talent and 35 per cent of respondents have adopted new technology.
The report revealed that budget allocations for cyber insurance policies were also top on the list for increased spending globally.
More than 90 per cent of global respondents said their organisations have a cyber insurance policy in place, up from 75 per cent in the 2021 report. Of those with cyber insurance, 84 per cent indicated their policies include coverage specifically for ransomware attacks, up from 54 per cent last year.
The increasing cases of ransomware attacks are credit-negative for insurers since it exposes them to higher claim costs.
California-based cyber insurance provider Coalition said ransom demands among its policyholders during the first quarter of 2020 grew 100 per cent from 2019.
While cyber insurance can be an effective tool for transferring some of the risks of a ransomware attack, it does not mitigate all of it or provide any meaningful defence, industry experts said.
Even if a cyber insurance policy covers a ransom demand, it may not cover a number of other financial consequences, such as lost revenue, cost of remediation, higher insurance premiums, regulatory fines and legal fees.
“Deploying effective anti-ransomware solutions is easier said than done, and the hackers know it,” Mr Div said.
“After being hit the first time by a ransomware attack, organisations need time to assess their security posture, determine what are the right tools to deploy and then find the budget to pay for it. The ransomware gangs know this, and it is the biggest reason they strike again quickly.”
The study found that 77 per cent of UAE organisations suffered at least one ransomware attack over the past 24 months. About seven in 10 companies said attackers were after customer data.
About 90 per cent of the UAE organisations that paid ransom were hit by ransomware a second time, with 83 per cent saying the second attack came in less than a month and 78 per cent reporting that threat actors demanded a higher amount.