Cyberattacks are pervasive and increasing in volume and frequency

● 82% of MET organizations have experienced at least one cybersecurity incident in the last 24 months, with most having experienced multiple attacks.

● Among organizations that were attacked in the past year, 84% reported more incidents compared to previous years. 42% say the volume has increased significantly.

● Among the respondents who reported that their organization had experienced an incident in the last 12 months, 48% experienced anywhere between 1 and 10 incidents. In fact, more than a quarter (27%) of this group reported between 11 and 30 incidents, while a further 15% experienced between 31 and 60 — a rate of one incident every six to 11 days.



Industries and companies most affected

● Financial Services (63%) and IT & Technology (61%) are commonly targeted. The lower frequency of incidents in Healthcare (49%) is counterintuitive — the industry tends to be a highly targeted sector because it often suffers from a lack of investment and because systems hold vast amounts of sensitive patient data. In terms of industries, Education and Retail emerged as those least impacted, which is surprising given the high volumes of sensitive data at stake in both.

● Medium-sized organizations are revealed to be most vulnerable, with 58% having experienced an incident in the past year. Smaller organizations were less likely to have been affected, with just 39% experiencing an incident in the past year.

● Businesses in the Business and Professional Services, Energy, Utilities and Natural Resources, Travel, Tourism and Hospitality, and Government industries are most prepared for cyberattacks whereas those in Media and Telecoms and Transport, Construction and Real Estate sectors are least prepared, given that they have experienced fewer incidents.



MET organizations need to watch out for these attack vectors

● According to the MET’s business and technology leaders, the top three most common types of cyberattack they face are web attacks (69%), malware - defined as viruses, worms, and Trojans - (62%) and phishing (55%). Other common threats are ransomware and spyware (38%), business email compromise (36%), and API attacks (32%).



Cost of a breach is more than just financial

● The financial losses arising from incidents can rack up quickly. Among the 53% of respondents whose organizations experienced a cybersecurity incident in the past year, 77% estimated the financial impacts to be at least US$1 million, while one third (38%) estimated the loss to be US$2 million or more.

● Financial loss is not the only impact organizations have suffered. Nearly four out of 10 (38%) organizations have had to put growth plans on hold in the aftermath of an incident, and nearly four in 10 (37%) have had to lay off staff as a result of the financial impact. Other organizations have been subjected to legal action or been forced to pay fines as a result of incidents.



Leadership teams are taking action

● 74% of respondents expect the proportion of their IT budget dedicated to cybersecurity to rise over the next year. Just 9% foresee a decrease, and 16% foresee no change. This is a positive sign, as organizations need to prepare for the increased volume of incidents they predict in the year ahead.

● For most, protecting their networks remains the number one investment area, with nearly 22% of the budget allocated to this pillar on average.



A mixed picture of solution deployment

● Encryption is currently organizations’ most deployed solution, with secure web gateways and firewall-as-a-service (FWaaS) not far behind.

● Regarding Secure access service edge (SASE), only 15% have fully implemented this model while 32% have progressed towards implementation. There is cause for optimism though as 70% respondents are now working with a single SASE vendor, which may reduce complexity and help speed up deployment.

● Zero Trust network access is a long way behind, despite widespread recognition of its ability to protect hybrid or remote workers. Over half (57%) say that Zero Trust adoption is still in its early stages. 38% believe that a lack of understanding is the single biggest barrier to adoption.



“Organizations across the Middle East and Türkiye are managing an increasingly complex cybersecurity landscape, all while ensuring operational efficiency, regulatory compliance, and uninterrupted productivity. With incidents on the rise in both volume and frequency, this balancing act becomes even more challenging, leaving leaders with a sense of diminishing control over their organizations’ technological and security frameworks,” said Bashar Bashaireh, RVP Middle East and Türkiye at Cloudflare.



“This significant challenge requires innovative solutions capable of integrating diverse technological components into a cohesive and agile framework. The age of siloed legacy infrastructures is giving way to a new model of "any-to-any" cloud platforms, creating catalysts for innovation and growth. By concentrating on strategic integration, any-to-any cloud platforms empower leaders to securely transform technological challenges into competitive advantages. Adopting this approach will help shape a future where connectivity and innovation are at the heart of business success, opening the door to unlimited possibilities,” adds Bashaireh.



Survey Methodology

This survey was conducted by Sandpiper Communications, on behalf of Cloudflare across a total of 991 leaders in Middle East & Türkiye responsible for cybersecurity in small (150 to 999 employees), medium (1,000 to 2,499 employees), and large (more than 2,500 employees) organizations. Respondents were drawn from a wide range of industries: Business & Professional Services; Construction & Real Estate; Education; Energy, Utilities & Natural Resources; Financial Services; Gaming; Government; Healthcare; IT & Technology; Manufacturing; Media & Telecoms; Retail; Transport; Travel and Tourism & Hospitality. Respondents were based in 3 markets across the Middle East and Türkiye: Kingdom of Saudi Arabia, United Arab Emirate, and Türkiye, and were surveyed online and recruited via general business panels. The survey was aimed at building a better understanding of the threat landscape facing Chief Information Security Officers (CISOs) and their teams across these three countries, unearthing valuable insights and trends, and gauging responses and outcomes. The survey was conducted in March 2024.



About Cloudflare

Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company on a mission to help build a better Internet. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.

Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations – from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.

Learn more about Cloudflare’s connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest Internet trends and insights at radar.cloudflare.com.

