Verizon Business has unveiled its 2025 Data Breach Investigations Report (DBIR), revealing a sharp global rise in data breaches. Among the regions hit hardest is EMEA (Europe, Middle East, and Africa), where cybersecurity threats like system intrusions and insider threats are growing at an alarming pace.
In just one year, system intrusion breaches in EMEA have nearly doubled, rising from 27% in 2024 to 53% in 2025.
These attacks, often driven by increasingly sophisticated external actors, now make up the majority of breaches in the region. The report also found that 29% of breaches in EMEA originated from within organizations. Of these insider-related incidents, 19% were due to unintentional mistakes such as misdirected emails or misconfigured databases while 8% involved the misuse of data, where employees acted against company policies. Phishing, ransomware, and other social engineering tactics were identified as major concerns.
In EMEA, social engineering was the second most common incident pattern, appearing in 19% of reported breaches.
Businesses Face Major Losses as Cyber Readiness Falls Short
In the UK, small and medium-sized enterprises (SMEs) are collectively losing GBP 3.4 billion a year to cybercrime, according to a Vodafone Business report, and, in line with Verizon’s findings, the most common threats include phishing, ransomware, and distributed denial-of-service (DDoS) attacks.
In the latter part of 2024, it was also unveiled that 78% of business leaders in the Middle East and Türkiye (MET) region expect to suffer from a cybersecurity incident in the next twelve months, but only 46% of organizations feel well prepared to deal with it.
The top cyberattacks that MET’s business and technology leaders face also include spyware, business email compromise, and application programming interface (API) attacks, among the already mentioned cyber threats above.
When neglected, cyber incidents can damage corporate operations, brand reputation, trust, and financial conditions. An industry report found that the average cost of a data breach for businesses in the Middle East reached SAR 32.80 million in 2024, a nearly 10% increase from the recorded SAR 29.90 million in 2023.
Hence, Fortinet advocates developing a cybersecurity culture that requires active participation at all levels of the organization to ensure that all employees understand their significant role in the organization's cyber defense. “A mature cybersecurity culture creates a more cyber-resilient organization and helps keep you out of the headlines,” noted Rafi Brenner, Vice President, Information Security, Fortinet.
Human behavior remains a major factor in cyber breaches. From falling for phishing scams to mishandling credentials, the human element continues to be a weak point.
Wake-Up Call: EMEA Nations Strengthen Cyber Defenses in 2025
As cybersecurity threats grow more complex and persistent, protecting both systems and people has never been more critical. The public sector has been proactive in responding to these matters. Last year, numberous cyber threat reports have proven that the UAE is facing a growing cybersecurity challenge. There has been a notable increase in malware detections among clients from January to May 2024, with the UAE being identified as a 'prime target' for ransomware attacks.
As of early 2025, the UAE Cyber Security Council announced that the national cybersecurity systems successfully thwarted malicious ransomware attacks targeting several strategic sectors in both public and private entities. This has prevented data breaches and unauthorized system lockouts.
Moreover, the UAE Cabinet and Qatar’s National Cybersecurity Agency (NCSA) are among those that have launched their respective National Cybersecurity Strategy plans, marking a significant move to secure each country’s digital landscape. Belgium also previously introduced its Cybersecurity Strategy 2.0 with the ambitious goal of becoming one of the least vulnerable countries in Europe.
This could mitigate and prevent future cyber attacks and data breaches faced by organizations and individuals within the country.
While in Africa, the Republic of Congo has allocated a substantial CDF 800 million (approximately USD 1.3 million) to support the operations and initiatives of its National Cybersecurity Agency (ANSSI), strengthening the nation’s cybersecurity infrastructure.
Read More on Cybersecurity:
Fortifying Cybersecurity with AI- and LLM-Powered Defenses
Infrastructure, Cybersecurity, and Sustainability: UAE’s AI Growth Drivers