There has lately been a tendency to ignore cyber-predicaments until they evolve into historic or catastrophic events. Geopolitical and national interests determine whether a proactive cyber-defence lesson is learnt from the others’ experience or these issues are still dealt subtly. Delaying appropriate action, or ignoring these issues for too long or even by ignoring for a little while, can now result in unmanageable crisis, significant loss of data, and not to mention the time and financial investments. Some of my sources had predicted early in 2012 about series of cyber-attacks that will hit countries in the Middle East in a row. Much to my surprise, yes, the attacks began with a massive one which was not even close to what the expert predictions were or what I had imagined to be. 30000+ computers were infected, restored, and billions of dollars was spent by Saudi Aramco in recovery of the systems - no loss of sensitive data or harm to their critical infrastructure and oil & gas exploration claimed the company although the brand damage was devastating. I may be the millionth person speaking about this as this incident is now very well known in all corners of the world (doing circles I must say). Still bragging about this? Remember what the experts had predicted “Series of attacks”. There have been other attacks in the region that also made the headlines like the Qatar’s RasGas, Saudi Arabian Ministry of Interior, the UAE based Ras-Al Khaima Bank (RAK Bank), the Omani based Bank of Muscat and more. Alright, let’s stop here and try to re-think the motives of region’s recent cyber attacks. Despite predictions and several warnings, there have been considerably high impact cyber-attacks; couple on the Oil & Gas giants let’s say for “undisclosed reasons”. Another on a National security force almost clearly for political reasons or must I say a classic example of Hacktivism? And a few more on banks most obviously for financial gains. Although the alarm for regional imperative for cyber security rang a while ago, why was the defence let down? Was there any defence in the first place? Arguably yes, but I’m being very ambivalent here as it depends on the scale of defence and their capability to combat these cyber-attacks. Remember the case of Estonia, one of the world’s largest co-ordinated (state-sponsored) cyber-attacks where nobody knew what was coming their way, but when it did, it was far more than just being too late. One of the most common means of cyber attack “Distributed Denial of Service (DDoS)” undermined the entire nation. Why this example? Imagine what attacks like these can look like on a regional level with every second country in the region being attacked day-in and day-out. While people like us keep referring to history and make direct comments on cyber-security, the respective Governments have not been able to retort which clarifies the uncertainty of their cyber-defence capabilities. It was time for collective cyber-defence - first at the enterprise level where the public and private sector companies strengthened their cyber threat/attack detection and prevention capabilities and then at the national level with the Government creating an integrated system or model for real time threat or attack information reporting and sharing. And finally, at the regional level with countries collaborating to address mutual concerns.