July 18, 2025: Cybersecurity firm Sophos has announced it will establish a new data center in the United Arab Emirates by the end of 2025.
Built on Amazon Web Services (AWS) infrastructure within the country, the facility is designed to address growing regional demand for data sovereignty, faster threat response, and compliance-ready cloud security.
The UAE data center will support Sophos Central, the company’s unified cloud platform, and will enable full delivery of services such as Sophos Managed Detection and Response (MDR), which now serves over 21,000 organizations worldwide.
The deployment is intended to improve service latency and reduce regulatory friction for local customers, including those in highly regulated sectors such as finance, healthcare, and government.
“By bringing local infrastructure to the UAE, we’re delivering on our vision of enabling every organization to achieve superior cybersecurity outcomes,” said Gerard Allison, Senior Vice President of Sales for EMEA at Sophos.
The expansion comes amid escalating ransomware threats in the region. According to the newly released State of Ransomware in the UAE- 2025 report by Sophos, the average cost of recovering from a ransomware attack in the country reached USD 1.41 million, slightly below the global average of USD 1.53 million.
However, the payment rates tell a more troubling story: 92% of affected organizations in the UAE admitted to paying at least part of the ransom, a figure that exceeds the global average of 85%.
While recovery timelines were better than global benchmarks, 63% of UAE firms fully recovered within a week versus 53% globally, the financial and operational impact remains steep.
Ransomware Recovery Time (UAE vs Global) in 2025
While UAE organizations are recovering faster than the global average, the financial burden of ransomware remains disproportionately high. Sophos’s research reveals a widening gap between ransom demands and actual payments, highlighting the need for preventive strategies over reactive spending.
Ransom Demands vs Payments (UAE) in 2025
At the core of the UAE-hosted platform will be Sophos X-Ops, the company’s global threat intelligence unit, which synthesizes signals from millions of sensors across customer environments.
X-Ops combines input from SophosLabs, Sophos SecOps, and SophosAI to produce actionable intelligence across attack surfaces, including endpoints, email, networks, and public cloud workloads.
Sophos describes XOps as “a leading-edge cybersecurity initiative that unites more than 500 experts … offering a multidimensional response to cyberattacks.”
This collaborative threat intelligence unit informs the company's MDR services, which are now being strengthened through localized cloud and data capabilities in the UAE.
Attack vectors in the UAE are evolving, with exploited vulnerabilities accounting for 42% of ransomware breaches reported in 2025.
Other entry points include malicious emails (23%) and compromised credentials (18%), highlighting the need for continuous, region-specific monitoring and faster response mechanisms.
Sophos MDR offers 24/7 threat hunting, incident validation, and mitigation, all of which will now be available with in-country data residency.
Root Causes of Ransomware Attacks (UAE) in 2025
Sophos states that the localized platform will also help meet national regulatory mandates around data protection and cloud operations, a critical concern for organizations operating under the UAE’s financial and critical infrastructure governance frameworks.
According to company metrics, Sophos’s global MDR team currently detects, validates, and neutralizes active threats in under 38 minutes on average, a capability that will now extend to UAE-hosted workloads without routing data abroad.
"By bringing local infrastructure to the UAE, we’re delivering on our vision of enabling every organization to achieve superior cybersecurity outcomes,” said Gerard Allison, Senior Vice President, EMEA Sales at Sophos.
The data center is scheduled to go live in the fourth quarter of 2025 and is part of a broader regional strategy to bring high-assurance cybersecurity to fast-digitizing economies.
As ransomware tactics become more tailored and financially devastating, Sophos’s combination of in-country infrastructure, intelligence-led operations, and regulatory alignment aims to deliver a compelling value proposition for Middle Eastern enterprises facing escalating digital risks.
