The UAE Cyber Security Council and CPX, a global end-to-end cyber and physical security solutions and services provider, the ‘State of the UAE Cybersecurity Report 2025’. The report provides a thorough understanding of the UAE’s fast-changing cyber threat landscape, stressing the urgent necessity for next-generation cybersecurity solutions against the escalating complexity and sophistication of cyber-attacks.
Emphasizing the gravity of the moment, the attack surface keeps expanding. More than 223,800 assets hosted in the UAE are theoretically vulnerable to cyber-attacks, with fifty percent of the serious vulnerabilities being left unmitigated for more than five years. This vulnerability, added to the acceleration of sophisticated cyber-attacks, highlights the sheer imperative of an advanced defense system at a time when the region is right at the edge of AI-fueled technological development and geopolitical prominence.
The report considers some of the major trends driving present-day cybersecurity issues, with misconfiguration being 32% of the cyber attacks, followed by incorrect use and illegal activities at 19%. Government, finance, and energy industries are the most targeted by cyber attackers.
In 2024, drive-by downloads are still one of the most common ways initial entry vectors are utilized by threat actors, followed by phishing and web server compromise. These are becoming more advanced with the use of AI tools being incorporated into them to become more sophisticated social engineering tactics, more advanced phishing lures, and the use of deepfake technology to dupe the victim.
The trend is fueled by the economic impacts of data breaches, with the Middle East, including the UAE, posting the second-highest data breach costs in the world, mirroring the economic targets of cyber threat actors against the backdrop of Gulf prosperity. eCrime also continues to pose a tremendous threat, with the number of ransomware groups active in the UAE has seen 58% growth. On the positive side, from the first half of 2023 up to the first half of 2024, the UAE saw its distributed denial of service (DDoS) attacks go down by leaps and bounds from 58,538 to a mere 2,301.
H.E. Dr. Mohamed Al Kuwaiti, UAE Government Cyber Security Head, stated: “As we are on the threshold of a new age fueled by emerging technologies, the increase in AI-based attacks and expanding cyber capabilities necessitate tighter vigilance to ensure the future. The way forward calls for international cooperation, innovation, and dedication.”. And together, we will keep developing a safe and prosperous digital UAE, where innovation thrives, opportunities abound, and our systems stay firm against any adversity.”
Hadi Anwar, CPX Chief Executive Officer, said: “The latest cybersecurity report touches on the tactics, policies, and innovations underpinning the UAE’s digital transformation while seeking to address the intricacies involved in safeguarding critical infrastructure as well as sensitive information. Such an impressive turnaround in the field of cybersecurity represents a commitment toward building a safe environment where advancements in the digital sphere and resilience at the national level go in tandem.”
The report also gives an overview of the distinctive cybersecurity challenges confronting the UAE, such as a rise in AI-driven threats, sophisticated cybercrime tactics, and APTs, wherein state-sponsored attackers incorporate AI into their attack toolkits. The report stresses that the country’s defense capabilities should be improved and a culture of cybersecurity awareness throughout all sectors encouraged.
Authored by CPX’s cybersecurity specialists, the report serves as a strategic playbook for government agencies, enterprises, and individuals, offering practical recommendations to navigate the nuance of a new AI world. Some top best practices to avoid cyber risks outlined in the document include:
- Initiate cybersecurity education and awareness campaigns: Important to train government staff, companies, and the broader community on cybersecurity best practices
- Run routine cybersecurity audits and compliance tests: Critical to upholding the integrity of critical infrastructure and essential services in the UAE to international standards
- Build an asset inventory: Crucial to detecting network anomalies and threats that evade conventional defenses
- Establish a 24/7 Security Operations Center (SOC): An active approach to round-the-clock monitoring and analysis of the security posture of the organization
- Implement Endpoint Detection & Response (EDR): Crucial to enable security analysts or threat hunters to detect compromises well and retain history process execution logs
- Develop a strong cyber threat intelligence capability: Critical to providing key insights regarding new and emerging threats to support real-time adaptations of security stances, boosting overall resilience
- Create AI governance frameworks: A foundation for securing safe and ethical application of AI in the organization
As the UAE continues to lead in digital transformation, addressing cybersecurity challenges requires a concerted effort from government agencies, private sector entities, and individuals to ensure the resilience and security of the nation’s digital landscape.
