When ransomware hits a Gulf enterprise, the primary query from management is often the identical: Are our backups intact? For a rising variety of organisations throughout the area, the reply is sure – however it’s not sufficient.
Analysis by DataNumen discovered that 69% of ransomware victims believed they have been adequately ready earlier than an assault. After the incident, nonetheless, that confidence dropped by greater than 20 proportion factors. The hole just isn’t a know-how failure; it’s a planning failure – and one which Gulf enterprises are more and more confronting.
The regional publicity makes the stakes concrete. In response to Microsoft’s Digital defence report, the United Arab Emirates (UAE) ranked ninth globally and second within the Center East and Africa by way of the frequency with which prospects have been affected by cyber exercise within the first half of 2025. Saudi Arabia ranked fifth within the area.
Cyber safety agency Cyble recorded greater than 90 distinctive entries on darkish net information leak websites linked to Gulf-based organisations in the identical interval, spanning oil and fuel, aviation and healthcare. Sophos information exhibits that UAE organisations pay 92% of ransom calls for – above the worldwide common of 85%.
That fee fee factors to a deeper downside. Eliad Kimhy, senior safety researcher at Acronis, says enterprises typically make investments significantly in backup infrastructure with out ever testing a full restoration underneath life like situations.
“What they haven’t accomplished is simulate the precise restoration situation, restoring manufacturing techniques from backup whereas the setting is partially compromised, underneath time stress,” he stated.
Backup jobs that reported success end up to have excluded important system states. Restoration procedures that seemed easy on paper end up to require dependencies no one documented.
The structure downside runs deeper than testing self-discipline. Fashionable ransomware operators goal backup repositories straight. Organisations that haven’t remoted their backups, verified restoration integrity and confirmed that backup techniques sit outdoors the blast radius of a compromised area uncover this on the worst second.
Solely 10% of ransomware victims recovered greater than 90% of their information, in accordance with Veeam’s Ransomware tendencies report, a determine that holds even amongst organisations with formal backup programmes.
The largest false impression is that many organisations nonetheless consider that having backups mechanically means they’re recoverable inside an appropriate timeframe Fred Lherault, Everpure
Fred Lherault, subject chief know-how officer for EMEA and rising markets at Everpure, believes the core assumption must be revisited. “The largest false impression is that many organisations nonetheless consider that having backups mechanically means they’re recoverable inside an appropriate timeframe,” he stated.
The shift Lherault describes is architectural: conventional backup infrastructure was constructed for remoted outages and operational errors, not enterprise-wide cyber disruption. Extra resilient environments are transferring in the direction of immutable snapshots on main storage and remoted restoration environments the place clear information will be validated independently from a compromised community.
Regulatory route within the area is reinforcing that shift. Saudi Arabia’s Important Cybersecurity Controls explicitly require organisations to show the flexibility to quickly get better information and techniques following a cyber incident and mandate periodic testing of backup restoration effectiveness, thereby transferring recoverability from an inside IT assumption to a documented compliance obligation.
The UAE Cupboard’s approval of a Nationwide Cybersecurity Technique in February 2025 positioned additional emphasis on resilience as a nationwide precedence, signalling that restoration functionality will face rising scrutiny at each the enterprise and authorities ranges.
The query Gulf IT leaders must reply is now not whether or not their information is backed up. It’s how lengthy it takes to revive a important system underneath actual situations, and whether or not anybody has examined that assumption earlier than an incident forces the reply.
