How CISOs In The UAE Are Navigating Today’s Cybersecurity Landscape

Emile Abou Saleh, Senior Regional Director for the Middle East, Turkey, and Africa at Proofpoint, highlights how UAE CISOs tackle evolving cyber threats through AI-powered defenses, data loss prevention, and employee training.

Cyber threats are more targeted, sophisticated, and frequent than ever before. Security leaders globally and in the UAE continue to contend with an ever-evolving threat landscape, with risks heightened from a disparate workforce working across more collaborative applications than ever before. And while generative artificial intelligence (AI) tools hold great promise, they also have lowered the bar to entry for cyber criminals. Anyone with a few pounds now has the means to launch devastating attacks.

With this in mind, it comes as no surprise that CISOs in the UAE are concerned of the attacks facing their organizations. Proofpoint’s 2024 Voice of the CISO report, a global survey of 1,600 CISOs, including those based in the UAE, found over two-thirds (70%) of the region’s security leaders remain in fear of a material cyberattack over the next 12 months.

UAE CISOs are undoubtedly making big strides in their efforts to combat these threats, for example adopting data loss prevention (DLP) technology and investing more in security education to overcome setbacks. Over half (51%) of CISOs surveyed in 2024 have data loss prevention technology (DLP) in place compared to just 45% in 2023. More than half (55%) of CISOs surveyed invested in educating employees on data security best practices which is higher in 2024 compared to 2023 (41%).

Top threats are shifting, but people remain the biggest risk
Human error remains the Achilles’ heel of cyber risk. This year, there was an uptick in the number of CISOs who viewed human error as their organization’s biggest cyber vulnerability. More than two third (76%) in this year’s survey vs. 59% in 2023 expressed worry about people exposing organizations to attacks – as cybercriminals now have a much broader attack surface to aim at – and all they need to succeed is a distracted click or errant download.

Encouragingly, however, an overwhelming 87% of CISOs in the UAE believe their employees understand their role in protecting their organization. This confidence is higher than in previous years – 56% in 2023 and 51% in 2022.

The top threats keeping UAE CISOs awake at night differ from last year. Cloud account compromise and ransomware topped these CISOs concerns, with cyber cloud account compromise (Microsoft 365 or G Suite or other) (44%), ransomware attacks (42%) and malware (42%), among the biggest risks cited.

These top threats are different from last year, when CISOs in the UAE perceived distributed email fraud, cloud account compromise (Microsoft 365, G Suite or other), malware and smishing/vishing as the biggest threats. This is a particular area of concern for the region as countries accelerate their digitalization ambitions and transition to the cloud.

Artificial intelligence brings heightened concerns
Artificial Intelligence (AI) is expected to continue to grow exponentially over the next few years. According to research by PwC, AI could contribute up to $15.7 trillion to the global economy in 2030. Middle East countries are expected to be among the biggest beneficiaries, with an anticipated gains to the tune of roughly US$320 billion.

The potential of this technology is undoubtedly vast, but the wider adoption of AI has also brought innumerable cybersecurity challenges – and CISOs are concerned.

Almost half (49%) of CISOs in the UAE surveyed believe that generative AI poses a security risk to their organization. The top three systems CISOs viewed as introducing risk to their organizations were Microsoft 365 (50%), Perimeter network device (45%), Slack/Teams/Zoom/other collaboration tools (43%) and ChatGPT/other genAI (40%).

As cybercriminals use AI in their attacks – cyber defenders must also use the technology in their security stack. The good news is that the vast majority (89%) of UAE CISOs are looking to deploy AI-powered capabilities to protect against human error and advanced human-centered cyber threats.

Building resilience
The pressures of preventing and managing cyber breaches hasn’t been easy on CISOs. Unsurprisingly, 69% of CISOs admitted to burn out in 2024 compared to 59% last year, while 87% felt they face excessive expectations, a steady increase from 59% last year and 38% the year before.

They have also had to grapple with other challenges – namely employee turnover. More than half (63%) of CISOs agreed that the economic downturn has hampered their ability to make business-critical investments, with 49% of them being asked to cut staff or delay backfills as well as reduce security budgets. Predictably, nearly half of security leaders (45%) reported having to deal with a material loss of sensitive data in the past 12 months, and of those, 64% agreed that employees leaving the organization contributed to the loss.

Amidst this upheaval, the board-CISO relationship improved significantly. In 2024, 80% of CISOs agreed that their board members see eye-to-eye with them on cybersecurity issues. This is a significant jump from 63% in 2023, and 47% in 2022.

Despite the progress made and wider support from the board, 69% of CISOs in the UAE are concerned about personal liability (60% in 2023) and 74% (56% in 2023) would not join an organization that does not offer Directors & Officers (D&O) insurance coverage.

While CISOs are undoubtedly feeling the pressure of their elevated position in the boardroom, many still find reason to be optimistic. Overall, there is greater confidence in their ability to defend against cyberattacks through user awareness and data loss prevention programs. To tide over challenges, they will need to eliminate threats and build trust as they foster growth for their organization.

The CISO may have numerous priorities in the year ahead, combatting AI-powered attacks alongside old adversaries like ransomware and BEC. But solving the issue of people risk must continue to top the list to ensure they can continue to defend their organisations now and in the future.