In an increasingly digital world, the costs of cybercrime are growing fast – making it vital that individuals, companies and governments have robust defences.
The global costs last year were about $10.5 trillion and the bill is forecast to increase 50 per cent by the end of the decade, according to cybersecurity company VikingCloud.
This month, the UAE has seen a flurry of cyber-related concerns, including the leaking of personal details of Abu Dhabi Finance Week delegates, and the foiling of ransomware attacks on national infrastructure. Officials said the UAE was the focus of tens of thousands of attempted breaches every day.
Separately, three men were jailed for setting up dummy mobile phone networks that sent banking alerts to Dubai Marina and Palm Jumeirah residents, showing how cyber threats affecting individuals have moved well beyond “phishing” emails riddled with spelling mistakes.
What can be done to defend against these attacks at a personal, business and government level?
What can individuals do?
Santiago Pontiroli, threat intelligence research lead at Acronis, a Swiss-based cyber protection company, said people should “treat any unexpected message, call or prompt with suspicion” – even if the source appears to be genuine. That means being cautious with links or attachments.
“Remember that personal details alone no longer prove something is genuine,” he said. “On the technology side, using a password manager with unique passwords and turning on two-factor authentication blocks many common attacks.”
Two-factor authentication may involve having to enter a password and a code sent by text.
“Regular backups limit the damage if something goes wrong, and using a separate email for important accounts and for sign-ups reduces the impact if one account is compromised,” Mr Pontiroli said.
Other good habits include not oversharing personal details and refusing to be rushed if a message creates pressure or fear, as this is a common manipulation tactic.
“Regularly review account security settings and recent logins, especially for email, social networks, and cloud accounts,” he advised.
Other recommendations include using biometric locks on accounts or devices (such as fingerprints or facial recognition), and password managers, which generate unique credentials per service.
Diversify your accounts and passwords
Avoid password reuse across websites, applications and services, said Morey Haber, chief security adviser at BeyondTrust, a US-based cybersecurity company, and the author of books including Attack Vectors: The History of Cybersecurity.
“Keep all of your devices patched and if the mobile device is end of life, and no longer receiving vendor updates, consider replacing it as soon as possible to avoid software vulnerability exploitation.”
Mr Haber suggests “segmenting” digital identities, such as by having separate email accounts for financial services versus general subscriptions and social media.
“This makes it harder for threat actors to leverage the same email address to compromise sensitive resources since the credentials themselves are entirely different,” he said.
Also avoid using public Wi-Fi for sensitive transactions, Mr Haber added.
Mohammed Aboul-Magd, the Abu Dhabi-based vice-president of product in the cybersecurity group of the software company SandboxAQ, said that platforms such as WhatsApp, which offer end-to-end encryption, should be favoured over SMS.
“If you receive an urgent message from a bank or government entity, do not respond through the same channel,” he said.
“Close the message, open the official app, or call a verified number directly. It adds a few seconds of friction but eliminates the chance of fraud because you are controlling the channel, not the attacker.”
Assessing the risk
Cyberattacks on private individuals are often opportunistic, with the attacker trying many potential victims and continuing with those who are vulnerable.
While the threats from cyberattacks appear to be growing, the cost of attacks is “incredibly variable”, said Shiraj Sheikh, professor in systems security at Swansea University in Wales and a recent fellow at the Research Institute in Trustworthy Inter-Connected Cyber-Physical Systems at Imperial College London.
“There is a cyber-insurance industry who are trying to price risk,” he said. “It’s still very difficult to do that. But overall the increasing dependence, the increasing threat leads to this increased risk and therefore the state apparatus to look at that is a substantial cost … The burden has increased, there’s no doubt.”
Defending against opportunistic attacks is cheaper, according to Prof Achim Brucker, head of the cybersecurity group at the University of Exeter in the UK.
“In contrast, defence against targeted attacks, in which an attacker focuses on a specific victim, is much harder,” he said.
With more critical national infrastructure (examples include power grids, transport networks, banking systems and communications networks) connected to the internet – and much of this designed decades ago without the internet in mind – special challenges are created, Prof Brucker said.
“The use of AI could, for instance, increase the number of attackers that are able to at least mount some attacks and improve the efficiency of advanced attacks,” he said.
What about cost?
As the threats grow, so does the spending to defend against them.
According to the Quantum Secure Encryption Corp, a Canadian cybersecurity company, annual global spending on defences is set to reach $520 billion this year.
A 2025 report based on company surveys found that cybersecurity budgets had risen 70 per cent over the previous four years.
When it comes to critical national infrastructure, the main threat is “silent residency”, according to Mr Aboul-Magd.
This involves attackers establishing a long-term presence inside critical networks, meaning that they can gather intelligence and trigger an attack when they choose.
Telecoms disruptions, data breaches at major financial events, ransomware targeting utilities and supply-chain compromise all threaten operational continuity, Mr Haber said.
He recommended that governments mandate zero trust architectures, which do not automatically regard users or devices as being safe, and have “strict identity governance”.
“Intelligence sharing between telecom providers, financial institutions, and international cybersecurity bodies is essential as well, since any one finding is probably applicable elsewhere,” Mr Haber said.
A looming threat is the next generation of quantum computers, as these may be able to break the encryption that protects the likes of banking, energy grids and water systems.
“That means mandating quantum-resistant cryptographic standards for critical systems now, so that infrastructure is secure by design rather than patched after the fact,” Mr Aboul-Magd said.
Governments should also, he said, be mandating “cryptographic agility”, which is the ability to rapidly update security protocols when a vulnerability is discovered without taking systems offline.
“The goal is to move from static compliance to continuous, adaptive defence,” he said.


