How to Report Cyber Attacks in UAE: A Guide for Organizations

When a cyber attack hits an organization, the first steps act like first aid—they help stabilize the situation and prevent further damage. This includes identifying the breach, containing affected systems, and carefully documenting what happened. Taking swift action here can significantly reduce the impact on the business.

However, managing a cyber attack goes beyond these immediate measures. For organizations operating in the UAE, there are also important responsibilities that extend outside the company. One key responsibility is reporting the incident to the appropriate authorities and relevant stakeholders. Reporting plays a vital role in enabling investigations, coordinating responses, and protecting the broader digital ecosystem. By informing the right agencies, organizations assist law enforcement in tracking cyber criminals and supporting efforts to reduce the risk of similar attacks in the future.

This article serves as a step-by-step guide for UAE-based organizations on where, when, and how to report cyber attacks, ensuring compliance and helping businesses recover with confidence.

When, Whom, and How to Report Cyber Attacks After Internal Incident Response

1. Inform Affected Parties

Notifying customers, employees, and partners affected by the cyber attack is essential—especially if their personal or sensitive data has been compromised. Timely and transparent communication enables them to take necessary protective actions, such as updating passwords or monitoring accounts for suspicious activity. This openness helps maintain trust and reduces the risk of further harm from targeted attacks. Clear messaging also demonstrates your organization’s commitment to responsibility and compliance with data protection principles.

2. Report Cyber Attacks to the Police

Cyber attacks should be reported to the police when criminal activity is involved—such as data breaches, financial fraud, ransomware, or unauthorized access. In the UAE, law enforcement agencies provide dedicated platforms to report cyber crimes efficiently. The Dubai Police operate the eCrime website, a specialized portal for residents and businesses to report cyber incidents. Similarly, the Abu Dhabi Police offer the Aman service, designed to handle cyber crime reports and other criminal complaints. These platforms enable direct communication with police authorities for faster response and investigation. Cyber crimes can also be reported by visiting the nearest police station or by calling 999 for immediate assistance. Reporting through police channels ensures that incidents receive official attention and can be escalated within the justice system. Both services are accessible online and are trusted avenues for filing cyber crime complaints.

3. Report Cyber Crime via Government Portals

Besides police platforms, several government portals facilitate cyber crime reporting across the UAE. The Ministry of Interior’s eCrimes platform is available through the MoI UAE app, downloadable on Google Play, App Store, and AppGallery. This mobile-friendly option allows users to report cyber incidents conveniently from their smartphones. Additionally, the UAE Federal Public Prosecution offers the My Safe Society app, available on iTunes and Google Play, which enables citizens and residents to report cyber crimes directly to prosecution authorities. These government portals complement police services by providing broader access points for reporting. Using these official apps helps ensure timely reporting and supports national cyber security efforts.

4. Report Personal Data Breaches

Under the UAE Personal Data Protection Law (PDPL), organizations are required to report personal data breaches to the UAE Data Office as soon as they become aware of them. The UAE Data Office, affiliated with the UAE Cabinet, serves as the federal regulator overseeing data protection across the country. It is responsible for developing policies, setting standards, handling complaints, and issuing guidelines to ensure effective implementation of the Personal Data Protection Law.

The notification should include details about the breach, such as what happened, how many individuals were affected, the potential impact, and the measures taken to address the issue. If the breach poses a serious risk to the rights and freedoms of individuals, the affected people must be informed promptly so they can take steps to protect themselves. Additionally, organizations must maintain records of all data breaches and the actions taken in response. Failure to comply with these reporting requirements can result in fines and penalties under the PDPL.

5. Report Cyber Incidents to TDRA

Organizations should report cyber incidents to the Telecommunications and Digital Government Regulatory Authority (TDRA) when the event impacts critical digital infrastructure, telecommunications services, or causes significant operational disruptions. TDRA serves as the central authority for managing cyber incidents across the UAE, providing a single point of contact for reporting and support. They use a standardized process to assess the severity of incidents and coordinate a timely, cross-agency response. TDRA also promotes information sharing among relevant agencies to enhance threat intelligence and situational awareness. Their National Cyber Incident Response Plan guides the management of large-scale cyber events, ensuring the resilience of critical infrastructure. To report an incident, organizations should use TDRA’s official website, which offers dedicated channels for timely and secure submission. Reporting to TDRA helps organizations meet regulatory requirements while accessing expert assistance for effective incident handling.

Moving Forward with Confidence

Cyber attacks are an unfortunate reality, but having a clear process for reporting ensures your organization is ready to respond effectively. Staying informed about the right channels and maintaining strong communication with authorities can make all the difference in managing an incident. By preparing ahead and acting promptly, businesses in the UAE can protect their assets and reputation. Remember, cyber security is a shared responsibility that requires ongoing vigilance. Taking these steps today will strengthen your resilience against tomorrow’s threats.