The UAE Cyber Security Council and CPX, a leading provider of end-to-end cyber and physical security solutions, have today announced the release of the ‘State of the UAE Cybersecurity Report 2025’. The report provides an in-depth analysis of the UAE’s rapidly evolving cyber threat landscape, underlining the urgent need for advanced cybersecurity measures as cyber-attacks become increasingly complex and sophisticated.
With the attack surface expanding, over 223,800 assets hosted within the UAE are potentially exposed to cyber-attacks, while half of the critical vulnerabilities remain unaddressed for over five years. This level of exposure, combined with the growing prevalence of advanced cyber threats, reinforces the absolute necessity for robust cyber defences in a region that is both a technological leader in AI-driven innovation and of geopolitical significance.
The report examines key trends shaping the UAE’s cybersecurity challenges, including misconfiguration, which accounts for 32% of cyber incidents, followed by improper usage and unlawful activity at 19%. The government, finance, and energy sectors remain the primary targets for cyber threat actors.
In 2024, drive-by downloads continued to be a major attack vector, with phishing and web server compromises also posing significant risks. The integration of AI tools is further enhancing these attack techniques, particularly through social engineering, phishing lures, and deepfake technology, making them harder to detect and combat.
The financial impact of cyber breaches is another pressing concern. The Middle East, including the UAE, recorded the second-highest data breach costs globally, underscoring the region’s attractiveness to cybercriminals. eCrime remains a dominant threat, with a 58% rise in ransomware groups operating in the UAE. However, on a positive note, from the first half of 2023 to the first half of 2024, the UAE experienced a drastic decline in Distributed Denial of Service (DDoS) attacks, dropping from 96% from 58,538 to just 2,301.
H.E. Dr Mohamed Al Kuwaiti, Head of Cyber Security for the UAE Government, stated: “As we enter a new era of emerging technologies, AI-driven attacks and expanding cyber capabilities necessitate stricter vigilance to safeguard the future. Progress demands international collaboration, innovation, and commitment. Together, we will build a secure and prosperous digital UAE, where innovation thrives, opportunities expand, and our systems remain resilient against all threats.”
Hadi Anwar, Chief Executive Officer, CPX, added: “This report explores the strategies, policies, and innovations shaping the UAE’s digital transformation while addressing the challenges of securing critical infrastructure and sensitive data. The UAE’s significant progress in cybersecurity reflects a strong commitment to building a safe digital environment where technological advancements and national resilience go hand in hand.”
Key Takeaways
The report also highlights unique cybersecurity challenges facing the UAE, including the rise of AI-powered threats, increasingly sophisticated cybercriminal tactics, and Advanced Persistent Threats (APTs)—where state-sponsored actors integrate AI into their attack frameworks. It underscores the urgent need to strengthen national defence capabilities and cultivate a cybersecurity-aware culture across all sectors.
Compiled by CPX’s team of cybersecurity experts, the report serves as a strategic guide for government entities, businesses, and individuals. It outlines best practices to mitigate cyber risks, including:
🔹 Cybersecurity Awareness & Education – Essential for training government employees, businesses, and the public on best practices.
🔹 Regular Cybersecurity Audits & Compliance Checks – Critical for maintaining infrastructure integrity in line with international standards.
🔹 Asset Inventory Management – Key to detecting network anomalies and overlooked threats.
🔹 24/7 Security Operations Centre (SOC) – A proactive approach to monitoring and enhancing an organisation’s security posture.
🔹 Endpoint Detection & Response (EDR) – A vital tool for security analysts to identify compromises effectively and retain historical process execution records.
🔹 Cyber Threat Intelligence – Crucial for real-time risk assessment and adaptive security strategies.
🔹 AI Governance Frameworks – A foundational step in ensuring ethical and secure AI adoption.
As the UAE continues to lead in digital transformation, strengthening cybersecurity requires collaboration between government agencies, private sector entities, and individuals to safeguard the nation’s digital ecosystem.
