A recent report from Sophos reveals that nearly half of companies in the UAE affected by ransomware opted to pay the ransom to retrieve their data. The report, part of Sophos’ sixth annual State of Ransomware survey, indicates that 43% of organizations that had their data encrypted made ransom payments, with 30% negotiating lower amounts than originally demanded.

Globally, the report highlights that almost 50% of companies paid ransoms, marking the second-highest rate of payment in six years. The median ransom payment in the UAE stood at $1.33 million, with initial demands varying significantly based on the size and revenue of the organizations. For instance, companies with revenues exceeding $1 billion faced median ransom demands of about $5 million, while those with revenues below $250 million encountered demands averaging less than $350,000.
Exploited vulnerabilities were identified as the leading technical cause of ransomware attacks in the UAE, with 49% of victims reporting that attackers exploited security gaps they were unaware of. More than half (54%) of UAE organizations noted that resource constraints contributed to their vulnerability, with one-third attributing this to a lack of expertise.
The report also underscores the significant impact of ransomware on data security in the UAE. In 55% of attacks, data was successfully encrypted, surpassing the global rate of 50%. Additionally, in 43% of these cases, data was stolen, notably higher than the global average of 28%. Despite these challenges, 98% of affected organizations managed to recover their data, with 68% relying on backups and 43% choosing to pay the ransom.
Chester Wisniewski, director and field CISO at Sophos, stated, “For many organizations, the chance of being compromised by ransomware actors is just a part of doing business in 2025.” He emphasized that increased awareness is prompting companies to invest in resources to mitigate damage, including hiring incident responders who can help lower ransom payments and expedite recovery.
The report also provided insights on the business and human impacts of ransomware in the UAE. Excluding ransom payments, organizations incurred an average recovery cost of $1.41 million, which is below the global average of $1.53 million. Moreover, 63% of organizations reported full recovery within a week, outperforming the global average of 53%.
Organizations are urged to adopt best practices to combat ransomware, such as eliminating common vulnerabilities, ensuring robust endpoint protection, and maintaining an effective incident response plan. The report is based on a vendor-agnostic survey of 3,400 IT and cybersecurity leaders from various organizations that experienced ransomware attacks in the previous year.
