Cybersecurity Threats in Dubai: What You Need to Know

In early 2024, the Moorfields Eye Hospital in Dubai faced a ransomware attack that compromised more than 60GB of patient and insurance data. This incident wasn’t isolated. It reflected a growing trend across the UAE—one where cyber threats are becoming more frequent, more advanced, and far more personal.

Dubai’s position as a global leader in smart technologies has accelerated its transformation into a connected, tech-forward city. Every sector, from finance to healthcare, now operates on digital systems designed for speed and efficiency. But with innovation comes exposure. A digitally advanced city is also an attractive target for cybercriminals looking to exploit vulnerabilities in complex systems.

The urgency to address cybersecurity isn’t limited to governments and corporations. Everyday residents, small business owners, and digital users all have something at stake—data privacy, financial safety, or even basic access to services.

This article looks into the cybersecurity threats currently shaping Dubai’s digital future. Through real-world examples, recent stats, and deep research, we break down what’s happening, why it matters, and what steps are being taken to secure the city.

The Cyber Threat Landscape in Dubai

​In 2025, Dubai's rapid technological advancement has positioned it as a global hub for innovation. However, this progress has also attracted a surge in cyber threats targeting various sectors. Understanding the current cyber threat landscape is crucial for individuals and organizations to implement effective defenses.​

Phishing Attacks

Phishing remains a prevalent threat in Dubai, with cybercriminals employing deceptive emails and messages to trick individuals into revealing sensitive information. Notably, the UAE Cyber Security Council reported that over 50% of individuals encountered phishing websites, and nearly 20% were targeted through social media scams. ​

Ransomware

Ransomware incidents have escalated significantly, with a 32% increase in attacks reported in 2024 compared to previous years. Despite the rise, collaborative efforts between government entities and private sector partners, along with advanced AI solutions, have successfully countered these threats.

Deepfake Scams

The emergence of deepfake technology has introduced sophisticated scams, including incidents where criminals used AI-generated voices to impersonate executives, leading to substantial financial losses. For instance, scammers utilized voice-cloning technology to steal $35 million from a bank by convincing an employee to transfer funds under false pretenses. ​

Business Email Compromise (BEC)

BEC scams have targeted businesses by compromising official email accounts to initiate fraudulent transactions. A notable case involved Cheers Exhibition, a Dubai-based firm, where attackers infiltrated their email system, resulting in a client transferring $53,000 to the fraudsters.

Social Engineering on WhatsApp/Telegram

Cybercriminals have exploited messaging platforms like WhatsApp and Telegram for social engineering attacks, including fake job offers and investment scams. Authorities have warned residents about fraudulent recruitment pages and requests for upfront fees, emphasizing the need for vigilance.

Data Breaches Targeting Cloud-Based Services

The shift to cloud computing has exposed vulnerabilities, with over 223,800 assets in the UAE potentially susceptible to cyberattacks. Unaddressed critical vulnerabilities, some over five years old, highlight the necessity for robust cloud security measures.

Vulnerable Sectors

Sectors such as finance, government, real estate, and healthcare are particularly susceptible to cyber threats. The government, finance, and energy sectors have been identified as the most targeted by cyber threat actors. ​

Recent Cyberattacks

In the past 12–24 months, the UAE has witnessed various cyber incidents:​

• Fake Job Scams: Authorities have reported an increase in employment fraud cases, with 260 incidents recorded by Sharjah Police in the first half of 2024. ​
• Cyber Extortion: The Abu Dhabi Judicial Department highlighted tactics used by cybercriminals to threaten and extort victims online, including exploiting past relationships and hacking personal accounts. ​
• Internet Begging: The UAE Cybersecurity Council detected over 1,200 cases of internet begging in 2024, involving fraudulent donation campaigns exploiting social media platforms.

These incidents underscore the evolving cyber threat landscape in Dubai, emphasizing the need for continuous vigilance and proactive cybersecurity measures across all sectors.​

Target Areas: Who’s Most at Risk?

​In the United Arab Emirates (UAE), certain groups are particularly vulnerable to cyber threats due to various factors, such as limited resources, high digital engagement, and the evolving tactics of cybercriminals. Understanding these target areas is essential for implementing effective cybersecurity measures.​

1. Small and Medium-Sized Enterprises (SMEs) and Startups

SMEs and startups often lack the sophisticated IT infrastructure necessary to defend against cyberattacks, making them attractive targets for cybercriminals. According to a report by Genatec, 94% of small businesses experienced cyberattacks in the past year, a significant increase from 73% the previous year. Notably, 82% of ransomware attacks are directed at small businesses, and nearly 40% reported data loss due to such incidents. ​

2. Government Services and E-Portals

Government entities and their digital platforms are prime targets for cyberattacks aiming to disrupt public services and access sensitive information. In 2024, the UAE Cyber Security Council reported successfully thwarting malicious ransomware attacks targeting several strategic sectors in both public and private entities.

3. Personal Users

With a high smartphone penetration rate, personal users in the UAE are increasingly exposed to cyber threats such as phishing and malware. The UAE Cyber Security Council's "2024 State of Scams in the UAE" survey revealed that 56% of the population receives a scam attempt at least once per month. ​

4. Children and Teenagers

The younger demographic faces specific online threats, particularly through gaming platforms and social media. A survey highlighted that about one in three children in the UAE have been contacted by strangers online, raising concerns about their digital safety.

5. Cryptocurrency Investors and Fintech Users

The UAE's growing fintech sector and the increasing adoption of cryptocurrencies have attracted cybercriminal attention. In February 2025, Bybit, a Dubai-based cryptocurrency exchange, suffered a significant breach where hackers stole approximately $1.5 billion worth of Ethereum. The FBI attributed this attack to North Korean-backed hackers, emphasizing the risks faced by investors and fintech users in the region. ​

Addressing these vulnerabilities requires a concerted effort from individuals, businesses, and governmental bodies to enhance cybersecurity measures and promote awareness across all sectors.

Recent Cybersecurity Incidents in Dubai & the UAE

1. Dubai Municipality Data Breach – June 2024

In mid-2024, the Dubai Municipality suffered a data breach allegedly linked to the Daixin ransomware group. While the municipality did not confirm the full extent of the damage, cybersecurity analysts reported that internal systems were accessed, and sensitive data may have been compromised. The breach exposed potential vulnerabilities in the public sector's digital infrastructure, raising concerns about the resilience of municipal platforms against targeted cyber threats.

Impact:

• Data may have been exfiltrated, putting citizen records and internal communication at risk.
• Government services linked to the breached systems faced short-term disruptions.
• Trust in the municipality’s digital security protocols took a hit.

(Source: Breachsense)

2. Surge in Ransomware Attacks Across the UAE – 2024

Throughout 2024, the UAE recorded a 32% rise in ransomware attacks targeting multiple sectors, including healthcare, financial institutions, and government services. According to the UAE Cyber Security Council, all these attacks were successfully countered. Dr. Mohamed Al Kuwaiti, the council's head, credited early detection tools, AI-driven security measures, and strong public-private coordination for mitigating the impact of these threats.

Impact:

• Targeted organizations faced temporary system outages and operational slowdowns.
• Data integrity and customer information were at risk in some attacks.
• Cybersecurity budgets increased across sectors to strengthen defences.

(Source: The Technology Express)

3. Electricity Bill Refund Phishing Scam – September 2024

In late 2024, a phishing campaign emerged across Dubai, using fake Etihad Water and Electricity emails to trick users into claiming "refunds" via malicious links. The scam was designed to look authentic, even replicating official branding. The Telecommunications and Digital Government Regulatory Authority (TDRA) issued an alert warning residents not to click on such links or share any banking details online.

Impact:

• Several residents reported financial theft and unauthorized transactions.
• Victims unknowingly gave away personal and banking data.
• TDRA and cybersecurity bodies called for improved digital awareness and scam recognition training.

(Source: Gulf News)

The UAE Cybersecurity Council continues to warn that cybercriminals are increasingly using AI-based tools like deepfake voice cloning and real-time impersonation to create more believable phishing campaigns. TDRA, in its public advisories, urges citizens to treat all digital communication with caution and verify legitimacy through official channels.

Dubai’s Cybersecurity Framework and Government Measures

​Dubai has established a comprehensive cybersecurity framework to safeguard its digital infrastructure and protect sensitive data. This framework encompasses strategic initiatives, legislative measures, and public awareness campaigns aimed at enhancing the city's resilience against cyber threats.​

Dubai Electronic Security Center (DESC) and the Dubai Cyber Index

The Dubai Electronic Security Center (DESC) plays a pivotal role in fortifying the emirate's cybersecurity posture. Established to implement government information security policies, DESC ensures that Dubai's digital landscape remains secure and resilient. One of its notable initiatives is the Dubai Cyber Index, which was launched in July 2020. This pioneering project aims to bolster cybersecurity efforts among government entities by fostering a competitive environment that encourages adherence to stringent security standards.

The index evaluates and monitors the cybersecurity performance of these entities, promoting transparency and continuous improvement. DESC supports organizations in establishing specialized security operations centers and leveraging advanced technologies, such as Artificial Intelligence and Big Data analytics, to proactively anticipate and mitigate potential cyber threats.

UAE National Cybersecurity Strategy (2020–2025 Updates)

In 2019, the UAE introduced its National Cybersecurity Strategy, aiming to create a robust and secure cyberinfrastructure that empowers citizens and businesses alike. The strategy is built upon five key pillars:​

1. Governance: Establishing a comprehensive legal and regulatory framework to address all forms of cybercrime and secure both existing and emerging technologies.​
2. Protection: Safeguarding critical information infrastructures and ensuring the resilience of digital systems against cyber threats.​
3. Innovation: Promoting research and development in cybersecurity to foster innovative solutions and maintain technological leadership.
4. Capacity Building: Developing a skilled cybersecurity workforce through education and training programs to effectively manage and respond to cyber risks.​
5. International Cooperation: Collaborating with global partners to share information, best practices, and strategies to combat cyber threats collectively.​

This strategy underscores the UAE's commitment to enhancing its digital defense mechanisms and staying ahead of evolving cyber threats. ​

Cybersecurity Laws and Regulations

The UAE has enacted several laws to address cybersecurity and data protection:​

• Federal Decree-Law No. 34 of 2021 on Combatting Rumors and Cybercrimes: This law, effective from January 2, 2022, replaces the earlier Federal Law No. 5 of 2012. It provides a comprehensive legal framework to tackle the misuse of online technologies, addressing issues such as the spread of false information, cyberbullying, and unauthorized access to information systems.
• UAE Personal Data Protection Law (PDPL): Enacted through Federal Decree-Law No. 45 of 2021, the PDPL is the UAE's first federal law dedicated to data protection. It establishes guidelines for the processing of personal data, ensuring the confidentiality and privacy of individuals. The law outlines the rights of data subjects and the obligations of data controllers and processors and stipulates conditions for data transfer across borders. It became enforceable on January 2, 2022.

Awareness Campaigns and Educational Initiatives

Recognizing the importance of public awareness in cybersecurity, various government bodies have launched initiatives to educate citizens and organizations:​

• National Campaign for Cybersecurity: Spearheaded by the UAE Cybersecurity Council, this campaign aims to enhance the culture of cybersecurity across all sectors of society. It includes awareness content disseminated through various platforms, covering topics such as recognizing phishing attempts, safe online practices, and the importance of robust password management. The campaign also features seminars, workshops, and exhibitions to engage the public actively.
• Cyber Smart Society Initiative by DESC: This initiative focuses on building awareness, skills, and capabilities to manage cybersecurity risks among Dubai’s public and private sectors, as well as individuals. It aims to cultivate a cyber-aware society that can effectively navigate the digital realm securely.

Through these concerted efforts, Dubai and the broader UAE are reinforcing their commitment to cybersecurity, ensuring a safe and resilient digital environment for all stakeholders.

How Companies in Dubai Are Defending Themselves

​In response to the escalating cyber threats in the region, companies in Dubai are proactively implementing a range of strategies to safeguard their digital assets and maintain operational integrity. These measures encompass collaborations with specialized cybersecurity firms, the adoption of advanced technologies, and comprehensive employee training programs.​

Cybersecurity Startups and Tech Firms in Dubai

Dubai has become a hub for cybersecurity innovation, hosting several prominent firms that offer specialized services:​

• DarkMatter: Established in 2014, DarkMatter is a UAE-based cybersecurity company that provides a comprehensive range of services and solutions to government and commercial clients.
• Help AG: Founded in 2004, Help AG is a leading cybersecurity services provider in the UAE, offering a wide range of solutions, including managed security services, consulting, and incident response. ​

Role of Managed Security Services (MSS)

Many Dubai-based companies are turning to Managed Security Service Providers (MSSPs) to enhance their cybersecurity posture. These providers offer continuous monitoring, threat detection, and incident response, allowing organizations to focus on their core operations. For instance, eHosting DataFort (eHDF) delivers managed Security Information and Event Management (SIEM) services, providing proactive threat management tailored to regional business needs. ​

Adoption of AI and Predictive Tools for Cyber Threat Detection

Artificial Intelligence (AI) is increasingly being integrated into cybersecurity frameworks to predict and neutralize threats. Companies like ITButler e-Services leverage AI-powered threat intelligence to analyze vast data sets, identify patterns, and detect anomalies indicative of cyber threats. This proactive approach enables early intervention, reducing potential damage. ​

Cyber Insurance Uptake Among SMEs and Large Companies

The rising frequency of cyber incidents has led to a surge in demand for cyber insurance in the UAE. According to a report by MarkNtel Advisors, the UAE Cyber Insurance Market is anticipated to grow at a Compound Annual Growth Rate (CAGR) of around 25.6% during the forecast period of 2023-2028. This growth is driven by the increasing incidence of cyberattacks among organizations, resulting in massive financial losses and the ever-increasing requirements of enterprises to protect sensitive data from ransomware and malware. ​

Staff Training and Phishing Simulations

Recognizing that human error often serves as an entry point for cyberattacks, companies are investing in employee training programs. Organizations such as the EC-Council offer security awareness training in Dubai, including phishing simulations that mimic real-life attack scenarios. These exercises educate employees on identifying and responding to phishing attempts, thereby reducing the risk of successful attacks.

Everyday Cybersecurity Tips for Individuals in Dubai

​Protecting your digital life is crucial in today's interconnected world. Here are practical cybersecurity tips tailored for residents of the UAE:​

1. Enable Two-Factor Authentication (2FA)

Adding an extra layer of security, 2FA requires not only your password but also a second verification step, such as a code sent to your phone. This significantly reduces the risk of unauthorized access, even if your password is compromised.

2. Avoid Suspicious Links and Downloads

Be cautious with unsolicited emails or messages containing links or attachments. Cybercriminals often use these to install malware or steal personal information. Always verify the sender's identity before interacting with such content. ​

3. Verify Job Offers and QR Codes

Scammers may send fake job offers or malicious QR codes to steal your data. Always confirm the legitimacy of job offers by contacting the company directly through official channels. When scanning QR codes, ensure they come from trusted sources to avoid phishing attempts. ​

4. Secure Your Home Wi-Fi and IoT Devices

Change default usernames and passwords on your Wi-Fi router and IoT devices to prevent unauthorized access. Regularly update device firmware and disable remote management features if not needed. Segment your network to keep IoT devices separate from sensitive data. ​

5. Utilize UAE Government Cybersecurity Resources

The UAE government offers platforms for reporting cybercrimes:​

• eCrime.ae: An online portal by Dubai Police for reporting cybercrimes.
• My Safe Society App: Launched by the UAE's Federal Public Prosecution, this app allows users to report crimes or suspicious activities on social media. ​

By implementing these measures and utilizing available resources, you can significantly enhance your online security and protect your personal information.

Dubai’s ambition to become one of the world’s safest digital cities is more than a vision—it’s an ongoing mission backed by policy, partnerships, and innovation. Efforts led by the Dubai Electronic Security Center (DESC), including regulatory development and smart infrastructure protection, are helping shape a secure foundation for the Emirate’s digital future. But the journey is far from over. As technologies evolve, so do the risks. Quantum computing, for instance, is already prompting international concern, with experts warning of its potential to break existing encryption methods. Meanwhile, biometric data—used in everything from payments to airport check-ins—is becoming a new frontier for cybercriminals. These aren’t distant possibilities. The challenges are being addressed in boardrooms and control centers today.

At the same time, Dubai’s smart city strategy opens the door to powerful defenses. Blockchain solutions are being explored for securing critical data, and public-private partnerships are driving real progress in threat intelligence, policy-making, and innovation. Cybersecurity isn’t just a technical challenge—it’s an ecosystem-wide responsibility. Staying ahead means not only investing in technology but also cultivating a culture of vigilance and constant learning. Businesses are adapting, schools are introducing digital safety modules, and national campaigns are empowering everyday users to stay alert.

All of this leads to one reality: the smarter the city becomes, the more prepared its people need to be. Digital convenience comes with digital risk, and no one—resident, entrepreneur, or institution—is outside its reach. Staying safe in a city like Dubai isn’t about fear. It’s about awareness. Update your systems. Question every unfamiliar link. Learn how your data moves. Whether you're managing a company or managing your own inbox, cybersecurity is part of everyday life now. The more we understand that, the better equipped we’ll be—not just to survive the future but to thrive in it, securely.

Also read: