The UAE Cyber Security Council and CPX, a global provider of cyber and physical security solutions and services, released the “State of the UAE Cybersecurity Report 2025.” The report gives a full picture of the UAE’s quickly changing cyber threat landscape and stresses the need for next-generation cybersecurity solutions right away because cyber attacks are becoming more complex and advanced.
The attack surface keeps getting bigger, which shows how serious the situation is. The UAE hosts more than 223,800 assets that could be attacked online. Half of the serious vulnerabilities have been left unaddressed for more than five years. This weakness, along with the rise of more advanced cyberattacks, makes it clear that the region needs an advanced defense system right now, when it is on the verge of becoming a major player in AI-driven technological development and geopolitics.
The report looks at some of the main trends that are causing today’s cybersecurity problems. Misconfiguration is responsible for 32% of cyber attacks, while incorrect use and illegal activities account for 19%. Cyber attackers mostly go after the government, finance, and energy sectors.
In 2024, drive-by downloads are still one of the most common ways that threat actors get into systems, along with phishing and compromising web servers. These are getting better as they use AI tools to make social engineering tricks, phishing lures, and deepfake technology to trick the victim into giving up their information.
The trend is being driven by the economic effects of data breaches. The Middle East, including the UAE, has the second-highest costs for data breaches in the world, which is similar to the economic goals of cybercriminals against the backdrop of Gulf prosperity. The threat of eCrime is still very high, with the number of ransomware groups operating in the UAE up by 58%. On the bright side, the UAE’s distributed denial of service (DDoS) attacks dropped by a huge amount, from 58,538 in the first half of 2023 to just 2,301 in the first half of 2024.
Dr. Mohamed Al Kuwaiti, the head of cyber security for the UAE government, said, “As we enter a new age driven by new technologies, the rise in AI-based attacks and the growth of cyber capabilities require us to be more vigilant to protect the future.” To move forward, we need to work together, come up with new ideas, and be dedicated. And together, we will keep making the digital UAE a safe and prosperous place where new ideas can grow, there are many chances, and our systems stay strong in the face of any challenge.
Hadi Anwar, the CEO of CPX, said, “The latest cybersecurity report talks about the strategies, rules, and new technologies that are driving the UAE’s digital transformation while also trying to deal with the challenges of protecting important infrastructure and private data.” This big change in cybersecurity shows a commitment to creating a safe space where progress in the digital world and national resilience can happen at the same time.
The report also talks about the unique cybersecurity problems the UAE faces, like the rise of AI-driven threats, more advanced cybercrime methods, and APTs, which are attacks by state-sponsored hackers that use AI in their tools. The report says that the country’s defense capabilities need to be better and that all sectors should promote a culture of cybersecurity awareness.
Written by CPX’s cybersecurity experts, the report is a strategic guide for businesses, government agencies, and individuals that gives them useful tips on how to deal with the complexities of a new AI world. Some of the best ways to avoid cyber risks that are listed in the document are:
- Initiate cybersecurity education and awareness campaigns: Important to train government staff, companies, and the broader community on cybersecurity best practices
- Run routine cybersecurity audits and compliance tests: Critical to upholding the integrity of critical infrastructure and essential services in the UAE to international standards
- Build an asset inventory: Crucial to detecting network anomalies and threats that evade conventional defenses
- Establish a 24/7 Security Operations Center (SOC): An active approach to round-the-clock monitoring and analysis of the security posture of the organization
- Implement Endpoint Detection & Response (EDR): Crucial to enable security analysts or threat hunters to detect compromises well and retain historical process execution logs
- Develop a strong cyber threat intelligence capability: Critical to providing key insights regarding new and emerging threats to support real-time adaptations of security stances, boosting overall resilience
- Create AI governance frameworks: A foundation for securing safe and ethical application of AI in the organization
As the UAE continues to lead in digital transformation, everyone—government agencies, businesses, and individuals—needs to work together to make sure the country’s digital landscape is safe and strong.
