The United Arab Emirates’ give attention to turning into a world hub for enterprise and innovation is driving digital transformation within the Center East, with the governments of each particular person emirates and the UAE as an entire pushing the adoption of digital applied sciences and companies.
The UAE Digital Authorities Technique 2025, based mostly on the OECD Digital Authorities Coverage Framework, requires an inclusive, digital-by-design framework that’s resilient and open by default, and consists of 64 completely different digital initiatives organized into six pillars. The Unified Digital Platform (UDP) — one a part of the general framework — brings collectively authorities companies underneath a typical platform to get rid of paperwork and streamline paperwork. And the Good Dubai 2021 Technique requires sensible, resilient cities, an interconnected society, easy-to-use autonomous transportation, and a lean, linked authorities.
But the digital transformation initiatives have attracted the eye of more and more subtle cyberattackers and have stretched native assets. The prevailing cyber workforce struggles to maintain up with fundamental safety efforts — reminiscent of patching — and organizations cannot recruit sufficient cybersecurity-skilled professionals, says Irina Zinovkina, the top of the knowledge safety analysis group at Optimistic Applied sciences.
“The UAE faces emergence of complicated assaults, growth of attacker strategies, [and] difficult-to-detect malware. Final, however not least, is that there’s [an] challenge with lack of personnel,” Zinovkina says. “To maintain up with digital transformation, organizations have to establish and assess the knowledge belongings that require safety, in addition to decide the occasions that would happen on account of a cyberattack.”
The UAE is already seeing indicators of a altering menace panorama, with greater than 50,000 assaults focusing on the nation’s public sector day by day. Authorities businesses are usually not alone: Up to now two years, the overwhelming majority (87%) of UAE-based companies have confronted a cybersecurity incident, in keeping with cybersecurity agency Kaspersky.
A Rising Assault Floor within the UAE
In a report on the menace panorama within the UAE, Abu Dhabi–based mostly cybersecurity companies agency CPX discovered greater than 155,000 susceptible belongings whereas scanning the nation’s Web area. It founds that over the previous 5 years within the UAE, 40% of probably the most crucial vulnerabilities stay unpatched.
“Alarmingly, most of the vulnerabilities exploited are historic, indicating a niche in patch administration practices,” a CPX spokesperson said in an e-mail interview. “Well timed and efficient patch administration is essential and may considerably cut back the chance posed by these vulnerabilities.”
The UAE’s scarcity of cybersecurity professionals has made well timed software program patching unrealistic in lots of instances. In truth, technical professionals are typically in brief provide general, with the nation acknowledging that it is just 10% of the best way to its aim of accelerating the “workforce within the federal authorities skilled in fashionable applied sciences,” in keeping with the UAE Digital Authorities Technique 2025.
“Assault surfaces within the UAE are persistently increasing with the rising adoption of applied sciences like cloud computing, operational expertise (OT), and synthetic intelligence (AI), offering menace actors with elevated alternatives for unlawful system infiltration,” the CPX spokesperson stated. “Cybersecurity transcends native, regional, and world boundaries, necessitating a unified response.”
UAE’s Progress Attracts Cybercriminals
The digital transformation efforts have attracted the eye of cybercriminals.
In an evaluation of greater than 91 million messages is sort of 250 Telegram boards and channels, cybersecurity agency Optimistic Applied sciences discovered that the United Arab Emirates is the most-mentioned nation within the Gulf Cooperation Council (GCC), with 46% of messages mentioning the UAE, whereas Saudi Arabia ranked second, with 23% of messages referring to that nation.
With cybercriminals more and more utilizing AI applied sciences reminiscent of massive language fashions (LLMs), their assaults have gotten extra subtle, with fewer easy-to-spot campaigns, says Optimistic Applied sciences’ Zinovkina.
“All new applied sciences convey dangers, particularly to the safety panorama,” she says. “[For] the UAE, digital transformation within the nation could face such challenges as integration complexities and information safety issues.”
One other concern: Whereas digital transformation could enhance the assault floor space, it additionally will increase the influence of a profitable assault on the nation’s infrastructure.
The UAE has at all times been very enterprise ahead, and whereas rising digitization helps make the nation a extra pleasant digital economic system, it can also enhance the potential for disruption within the occasion of a profitable assault, says Jon Amato, a senior director analyst at Gartner and chair of the Gartner Safety and Danger Convention for the Center East.
“Have a look at the basic instance of the DDoS assaults on Estonia — they’d an enormous digital transformation initiative, and years in the past [in 2007], Russia was mainly capable of cripple them for months at a time,” he says. “Digital transformation is certainly part of that equation — it would not enhance the probability of such a factor taking place, nevertheless it undoubtedly will increase the influence if it does.”
Extra Cloud-Native Safety
UAE organizations have to make it possible for as companies transfer to the cloud, cybersecurity follows, says Wealthy Davis, director of resolution technique for cloud-security agency Netskope.
Organizations within the Center East nonetheless have legacy {hardware} home equipment that make the transfer to a cloud-native digital transformation tougher and troublesome to safe.
Authorities businesses and personal sector corporations ought to undertake security-as-a service (SaaS) and infrastructure-as-a-service (IaaS) instruments, and an general zero-trust mannequin, Davis says.
“This safety transformation strikes safety companies out of a central location to be consistent with the brand new companies organizations are deploying to help their digital transformation,” he says. “The first shift we’ve got noticed is a philosophy shift away from the normal perimeter safety mannequin, to 1 that assumes information and purposes are all over the place and that staff are accessing them from anyplace.”
The scarcity of cybersecurity professionals can also be limiting the nation’s potential to handle the safety of its cloud companies and digital belongings, an issue that’s not restricted to the Center East, says Gartner’s Amato.
“The place do you discover the people who find themselves expert sufficient to plan for these items? How do you use it?” he says. “Discovering individuals is at all times going to be the largest downside that we see for safety within the United Arab Emirates, and in nearly some other place on the earth.”
