84% of organisations in the UAE are bracing for the fallout from an email-borne attack in the year ahead amid a growing volume of threats.
According to the latest Mimecast State of Email Security 2022 report, more than two-thirds of companies in the UAE reported an increased number of email-based threats.
“Companies in the UAE showed greater concern about various email security challenges, than most other countries we surveyed,” said Werno Gevers, Regional Manager at Mimecast Middle East. “56% are concerned about an increase in the volume of attacks, 48% worry about security-naive employees, and more than half (52%) are concerned over the growing sophistication of attacks. This comes at a time when more than eight out of ten organisations reported increased use of email, making email security a top priority for businesses and their IT and security teams.”
Threats are becoming more targeted
Nearly all UAE organisations that responded to the research have been the target of email-related phishing attempts (94%), but interestingly 30% reported a decrease in the volume of such attacks, with 20% noting the decrease was ‘significant’.
“This is possibly due to threat actors moving on to other, more targeted methods,” said Gevers. “Our data also showed that 54% of organisations reported an increase in business email compromise, while half experienced an increase in internal threats or data leaks initiated by malicious insiders. In a positive sign, all respondents from the UAE either have a cyber resilience strategy or are actively planning to put one in place.”
Greater employee awareness improves resilience
A large part of the success of a cyber resilience strategy depends on the conduct of employees. Encouragingly, 46% of UAE companies provide ongoing cyber awareness training, twice the global average of 23%.
“Cyber awareness training is one of the most effective ways of strengthening an organisation’s overall cyber resilience and should be a top priority for business leaders,” said Gevers. “Efforts by organisations in the UAE are paying off: only 66% of respondents were concerned about employees oversharing company information on social media, far below the global average of 81%, while more than one in ten believed there was no risk at all to employees using personal email.”
The importance of government mandates
Organisations are also noting the impact of government efforts to build greater cyber resilience to protect citizens and critical infrastructure from cyberattacks. UAE respondents expected high levels of changes in their organisation as a result of government mandates for cyber resilience. “Forty-two percent expect improvements in the overall level of cybersecurity in their business, and more than a third anticipate lower risk of cyberattacks impacting their business,” said Gevers.
Adequate budgets for advanced protection
In general, UAE respondents noted satisfactory budget allocations for cybersecurity, with an average of 17% of IT budgets going toward cyber resilience against a desired 19%. “Investment into strengthening the overall security posture by securing key business applications will likely continue in the year ahead, with 92% of companies saying additional safeguards are needed for Microsoft 365,” says Gevers. “This may partly be because 82% of organisations experienced a Microsoft 365 outage in the past year, with more than a third citing severe impact from an outage.”
To read more exclusive features and latest news please see our Q1 issue here.
Media contact
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: editor@securitybuyer.com