Key Takeaways
- Cyberattack attempts in the UAE jumped from ~200,000 to as many as 700,000 per day amid heightened U.S.–Iran tensions, with attackers increasingly using AI to speed up reconnaissance and execution.
- The average cost of a data breach in the Middle East reached $7.29 million in 2025, well above the global average, driving information‑security spending in MENA to an expected $4.07 billion in 2026 (+10.1% YoY).
- Gulf states are moving from reactive defenses to continuous, adaptive security models, integrating sovereign‑cloud architectures and AI‑driven threat detection into national‑level resilience plans.
- Physical strikes on cloud infrastructure—such as the March 2026 drone attacks on AWS data centers in the UAE and Bahrain—demonstrate a new, tangible threat vector that can cripple banking, payments, and enterprise services.
- Despite growing cyber‑insurance markets in the UAE and Saudi Arabia, coverage remains low and many policies exclude war‑related or state‑sponsored cyber events, leaving a protection gap that must be addressed as geopolitical risks rise.
Escalation of cyber threats amid US‑Iran tensions
The outbreak of the U.S.–Iran conflict on February 28 triggered a sharp increase in hostile cyber activity across the Gulf. Threat actors, emboldened by the broader geopolitical volatility, have intensified their campaigns against critical digital assets. In the UAE alone, daily cyber‑attack attempts rose from roughly 200,000 to as many as 700,000 over recent months. This surge reflects not only a higher volume of malicious traffic but also a more sophisticated threat landscape where adversaries blend traditional hacking techniques with emerging technologies such as artificial intelligence.
Surge in cyberattack attempts and AI‑enabled tactics
Help AG, the cybersecurity arm of UAE telecoms operator e&, reported that AI has become a force multiplier for attackers. By automating reconnaissance and enabling real‑time adaptation of attack methods, AI compresses the attack lifecycle dramatically. In Q1 2026, the firm observed that threat actors could complete intrusions 65 % faster than before, with some causing measurable damage in under 40 hours after initial access. The speed and precision afforded by machine‑learning tools mean defenders have far less time to detect and respond, prompting a urgent reassessment of defensive postures.
Financial impact of data breaches and rising security spending
The economic stakes are high. According to IBM’s 2025 report, the average cost of a data breach in the Middle East stood at $7.29 million—significantly above the global average of $4.44 million. This disparity underscores the region’s heightened exposure, driven by rapid digital transformation and the concentration of high‑value sectors such as finance, energy, and government. Consequently, information‑security expenditure across MENA is projected to reach $4.07 billion in 2026, a 10.1 % increase from 2025, as organizations allocate more resources to protect their digital assets.
Shift to adaptive, continuous security models and sovereign cloud
In response to the evolving threat environment, Gulf states are abandoning purely reactive security postures in favor of continuous, adaptive systems. Abdulla Ebrahim Al Ahmed, chief government relations officer at e& UAE, emphasized that security must be “continuously adaptive, locally aligned, and designed to protect critical infrastructure and citizen data in an AI‑driven environment.” A core component of this strategy is the adoption of sovereign cloud—specialized cloud environments that keep data, metadata, and infrastructure within a specific legal jurisdiction. By embedding security into infrastructure planning from the outset, the UAE and Saudi Arabia aim to create resilient, locally governed digital backbones that can withstand sustained pressure.
Role of AI as both offensive and defensive force multiplier
While attackers exploit AI to accelerate and refine their campaigns, defenders are simultaneously harnessing the same technology to improve threat detection and response. Aleksandar Valjarevic, acting CEO of Help AG, noted that AI and sovereignty are already reshaping how digital infrastructure is designed, secured, and governed across the GCC. Machine‑learning analytics enable security teams to sift through massive data streams, identify anomalous behavior in real time, and automate containment actions. This dual‑use dynamic means that the effectiveness of AI hinges on how well organizations integrate it into a holistic, continuously monitored security framework rather than deploying it as a stand‑alone tool.
Physical attacks on cloud infrastructure (AWS drone strikes)
The cyber threat spectrum expanded dramatically in early March 2026 when two Amazon Web Services (AWS) data centers in the United Arab Emirates were directly struck by drones, while a third facility in Bahrain suffered damage from a nearby drone strike. The attacks forced all three centers offline, triggering outages that rippled through banking, payment platforms, delivery apps, and enterprise software across the region. AWS reported that recovering workloads to other regions would be “prolonged, given the nature of the physical damage involved.” These incidents marked the first known occasion where military action had directly disrupted the operations of a major U.S. tech company’s cloud infrastructure, highlighting a tangible vulnerability that extends beyond pure cyber‑vectors.
Implications for regional cloud strategy and redundancy
The drone strikes have prompted Gulf governments to reconsider their reliance on a handful of hyperscale campuses operated by foreign cloud providers. To mitigate the risk of localized physical disruption, there is growing momentum to develop multiple, geographically dispersed data‑center sites and to build greater redundancy into network architectures. Such diversification would not only lessen the impact of any single attack but also align with national ambitions to become a global AI hub by ensuring that critical compute resources remain available under adverse conditions. However, expanding and hardening infrastructure entails higher capital and operational costs, which will likely be reflected in increased spending on construction, security, and insurance.
Gaps in cyber insurance and need for updated frameworks
Despite the rising threat landscape, cyber‑insurance penetration in the UAE and Saudi Arabia remains low compared with mature markets such as the United States and United Kingdom. Many businesses—especially small and medium‑sized enterprises—are underinsured, and existing policies often contain exclusions for acts of war, state‑sponsored cyberattacks, or widespread infrastructure failures. As geopolitical tensions intensify, these exclusions become increasingly relevant, leaving a protection gap that could exacerbate financial losses from incidents like the AWS drone strikes. Experts such as Elizabeth Heyes of the Observer Research Foundation Middle East argue that the region needs insurance frameworks that explicitly account for systemic risks stemming from regional instability, ensuring that the cost of cascading disruptions is not borne solely by affected organizations.
Outlook: projected spending and strategic priorities for GCC
Looking ahead, business‑consulting firm P&S Intelligence forecasts that cybersecurity spending across the GCC will surpass $9.6 billion by 2032, up from $5.9 billion in 2025. This growth reflects a broader strategic shift: security is no longer viewed as an isolated IT function but as an integral pillar of national resilience and economic development. Priorities include embedding AI‑driven defense mechanisms, expanding sovereign‑cloud capabilities, enhancing physical security of critical facilities, and cultivating collaborative security models that share threat intelligence across government and critical‑infrastructure sectors. By aligning these efforts with national security objectives, Gulf states aim to build a digital infrastructure that can endure both cyber and physical pressures while supporting their ambition to lead in AI innovation on the world stage.

