The UAE Cyber Security Council and CPX announced today the release of the State of the UAE Cybersecurity Report 2025, revealing that over 223,800 assets hosted within the UAE are potentially exposed to cyber-attacks, with half of the critical vulnerabilities remaining unaddressed for over five years.
This exposure, coupled with the surge in advanced cyber-attacks, underscores the necessity of robust cyber defenses in a region that is at the forefront of AI-driven technological innovation and geopolitical significance.
“As we stand on the cusp of a new era powered by emerging technologies, the rise in AI-driven attacks and widening cyber capabilities demand stricter vigilance to secure the future,” stated Dr. Mohamed Al Kuwaiti, head of cyber security for the UAE Government.
Government, finance and energy sectors remain most targeted
The report examines key trends shaping the current cybersecurity challenges, including misconfiguration, which represents 32 percent of cyber incidents, followed by improper usage and unlawful activity at 19 percent. The UAE government, finance and energy sectors are the most targeted by cyber threat actors.
In 2024, drive-by downloads remained a prevalent method for initial entry vectors used by threat actors, with phishing and web server compromises also of concern. These methods are becoming more sophisticated with the integration of AI tools, enhancing social engineering efforts, phishing lures and the deployment of deepfake technology to deceive victims.
Middle East records second-highest data breach costs globally
The trend is compounded by the financial repercussions of data breaches, with the Middle East, including the UAE, recording the second-highest data breach costs globally, reflecting the economic targets of cyber threat actors against the backdrop of Gulf prosperity.
eCrime also remains a significant threat, with the number of ransomware groups operating in the UAE witnessing a 58 percent growth. On a positive note, from the first half of 2023 to the first half of 2024, the UAE experienced a drastic decrease in distributed denial of service (DDoS) attacks from 58,538 to just 2,301.
“The path forward requires international collaboration, innovation, and commitment. Together, we will continue building a secure and prosperous digital UAE, where innovation flourishes, opportunities thrive, and our systems remain resilient in the face of any challenge,” added Al Kuwaiti.
Read: Abu Dhabi’s Presight to implement nationwide AI-powered smart city project in Albania
Mitigating cyber risks
The report also provides an overview of the unique cybersecurity challenges faced by the UAE, including a surge in AI-powered threats, the sophisticated tactics of cybercriminals and advanced persistent threats (APTs), where state-sponsored actors integrate AI into their attack frameworks. The report also emphasizes the need to enhance the country’s defense capabilities and foster a culture of cybersecurity awareness across all sectors.
The report also offered key best practices to mitigate cyber risks, including:
- Launching cybersecurity awareness and education initiatives.
- Running regular cybersecurity audits and compliance checks.
- Creating an asset inventory.
- Setting up a 24/7 Security Operations Center (SOC).
- Implementing Endpoint Detection & Response (EDR).
- Establishing a robust cyber threat intelligence function.
- Developing AI governance frameworks.
As the UAE continues to lead in digital transformation, addressing cybersecurity challenges requires efforts from government agencies, private sector entities and individuals to ensure the resilience and security of the nation’s digital landscape.
