Exclusive: 78% of Middle East Business Leaders Expect Cyberattacks This Year

Cloudflare’s research reveals that a staggering 78% of business leaders in the Middle East and Türkiye (MET) region expect their organisations to fall victim to a cyberattack within the next year. Yet despite these concerns, the same study shows that only 46% believe they are adequately prepared to respond to such an incident.

by Christian Reilly, Field CTO EMEA at Cloudflare

Cybercrime is forecast to cause almost US$14 trillion in damage annually by 2028. AI-driven attacks, supply chain vulnerabilities, credential stuffing by bots and the looming threat of quantum computing are compelling IT security teams to innovate. Which technologies offer real protection, and how can organisations safeguard their digital futures?

The threat landscape in cyberspace is becoming increasingly complex, demanding innovative strategies and closer collaboration between businesses, governments and technology providers.

Cybercrime remains a growing burden on the global economy. According to Statista forecasts, global costs are expected to rise by around 1% each year, reaching US$13.82 trillion by 2028.

Rapid technological advances, particularly in artificial intelligence, have made attackers more agile and sophisticated. This is reshaping the security landscape, with serious consequences reflected in state-sponsored incidents and attacks on critical infrastructure.

Tackling today’s security challenges requires a united approach.

AI – Opportunities and Risks

Artificial intelligence offers businesses in the region opportunities to optimise processes but also introduces considerable risks. It enables cyber criminals to bypass detection rules, launch tailored phishing campaigns, and conduct automated attacks. Meanwhile, companies — especially within the Gulf Cooperation Council (GCC) countries — are under pressure to rapidly adopt AI while ensuring staff are trained at the same pace. Security teams must safeguard AI models to protect sensitive data and maintain operational stability — often with limited budgets and resources.

Automated phishing detection systems can help address this threat effectively. These tools are designed to enhance the speed and accuracy of threat detection while remaining scalable and resource-efficient. By using machine learning and heuristic rules, they can identify suspicious URLs and websites, even those appearing innocuous to other solutions. Cloudflare’s own phishing detection system automatically resolved nearly 80% of phishing reports in the second half of 2024. In fast-digitising economies such as the UAE and Saudi Arabia, these technologies are vital to keeping pace with attackers.

“Blind Spots” and an Expanding Attack Surface

The widespread move to remote working, cloud adoption and digital transformation across the Middle East has significantly expanded the potential attack surface. This development has created security gaps that can be exploited by malicious actors. Of particular concern are “blind spots” — areas where security teams lack sufficient visibility. Without clear oversight, detecting and mitigating threats early remains a challenge.

Complexity as a Barrier to Security

Another significant obstacle to effective cybersecurity is the growing complexity of modern IT environments. Organisations are dealing with fragmented technology stacks, multi-cloud architectures and an ongoing shortage of skilled security professionals. These factors complicate situational awareness and increase operational overheads. At the same time, complexity hinders the modernisation of security frameworks. Without integrated platforms offering comprehensive protection and visibility, security teams struggle to respond effectively to emerging threats.

Supply Chain Attacks – An Underestimated Risk

Supply chain security incidents represent another growing concern in the Middle East. Vulnerabilities among third parties can cascade across entire digital ecosystems, causing widespread disruption. Security teams must therefore consider risks extending well beyond their immediate infrastructure. This demands a holistic view of all dependencies within the technology stack — particularly important for sectors such as energy and logistics, where regional players are closely interconnected.

The Role of Bots and Leaked Credentials

Bots play a pivotal role in enabling attacks like credential stuffing — where stolen credentials are used to gain unauthorised access to systems. According to Cloudflare’s research, 95% of login attempts using compromised passwords are initiated by bots. Platforms such as WordPress are especially vulnerable, with 76% of these attempts proving successful.

Another worrying trend is the repeated use of compromised passwords. Cloudflare’s findings show that 41% of successful logins to websites on its network involve stolen credentials. These figures underscore the urgent need for stronger safeguards, such as multi-factor authentication (MFA) and rate limiting.

Post-Quantum Security: Preparing for the Next Era

The emergence of quantum computing represents a fundamental shift in internet security. Cryptographic systems in particular will need to evolve, as traditional encryption could be easily broken by quantum processors. However, collaborative initiatives between NIST, Microsoft, and Cloudflare offer some reassurance, pointing towards robust solutions to address this imminent challenge.

Combating Cybercrime Requires Innovation

The increasingly complex threat landscape calls for innovative approaches and close collaboration between companies, governments and technology providers. The “defender’s dilemma” is becoming ever more acute: while cyber criminals need only one successful breach, organisations must defend against every attempted attack to protect operations and data.

Automation, AI-powered detection systems and enhanced security frameworks are essential to staying ahead of cyber criminals. Simultaneously, long-term strategies must be developed to address technological disruptors like quantum computing.

As part of its Security Week 2025, Cloudflare showcased proactive measures to combat cyber threats within its Connectivity Cloud — including initiatives to protect against phishing and secure political campaigns. Ultimately, cybersecurity remains a collective responsibility. Only through shared effort can the internet be made a safer space for all.