UAE Cyber Threats Intensify: Ransomware Up 32%, Shadow AI and BEC Attacks on the Rise
UAE cyber threats are surging, with ransomware up 32% and phishing causing 75% of breaches. Risks now include "Shadow AI" and AI-driven email fraud. The UAE Cyber Security Council warns that the market will hit $1.51B by 2031 as the nation shifts toward mandatory resilience.

Illustration representing escalating cyber threats in the UAE including ransomware, business email compromise, and shadow AI risks facing enterprises in 2026
The United Arab Emirates is facing a sharp and sustained rise in cyber threats, with officials warning that both individuals and enterprises are increasingly vulnerable to sophisticated attacks that now extend well beyond phishing into ransomware, business email compromise, and emerging risks from unapproved artificial intelligence tools in the workplace.
The UAE Cyber Security Council, which issued a phishing warning on 6 April highlighting that more than 75% of cyber breaches originate from fraudulent emails, has now broadened its advisory as the country's threat landscape continues to deepen and diversify.
Ransomware has emerged as one of the most serious escalating risks. According to the UAE Cyber Security Council, attacks in the UAE rose by 32% in 2024, with no sign of slowing into 2026. Cybercriminals have moved beyond simply encrypting data — they are now simultaneously threatening to publish stolen information, significantly compounding both financial and reputational damage for victims. Financial institutions remain prime targets, but healthcare, telecoms, and government contractors are facing growing pressure across the board.
The Council estimates that 52% of cyberattacks in the UAE are financially motivated, typically tied to extortion or ransomware campaigns. The financial weight of this threat is reflected in the rapid expansion of the defence market— the UAE's cybersecurity market, currently valued at USD 0.91 billion in 2026, is projected to reach USD 1.51 billion by 2031 as organisations invest more heavily in defence.
Phishing itself is undergoing a significant evolution. Attackers are now deploying artificial intelligence to craft highly personalised messages that convincingly mimic senior executives or trusted suppliers — a technique known as business email compromise. These attacks are specifically engineered to manipulate employees into transferring funds or disclosing sensitive credentials, and they are becoming increasingly difficult to detect even for trained security teams.
A new and growing blind spot is what security experts are calling shadow AI — the use of unapproved artificial intelligence tools by employees without IT or security oversight. According to Gartner, by 2030 more than 40% of enterprises will experience security or compliance incidents linked to unauthorised shadow AI. These tools can access sensitive company data and introduce security gaps that traditional protection systems are simply not designed to detect — a blind spot that many enterprise security frameworks across the GCC have yet to address.
The pace of the threat environment is also accelerating. Recent data indicates that attackers can exploit newly discovered vulnerabilities within 48 hours of disclosure, leaving organisations with a critically narrow response window. At the same time, critical infrastructure faces additional pressure from increasingly advanced and, in some cases, state-sponsored operations — with most major global cyber incidents in 2026 involving deliberate disruption or sabotage rather than opportunistic criminal activity.
The UAE Cyber Security Council continues to stress that the human element remains the most exploitable vulnerability in any organisation's security posture. In response, the National Cyber Security Strategy 2025–2031 is introducing stricter accountability requirements for organisations, signalling a clear regulatory shift from voluntary best practice to mandatory resilience. Enabling multi-factor authentication, maintaining regular system updates, and reporting suspicious activity through the UAE official cybercrime reporting portal remain the Council's core guidance for both individuals and enterprise teams.
Omar Al-Hakeem
Senior Cyber Threat Analyst | MENA RegionOmar Al-Hakeem is a cybersecurity researcher specializing in threat intelligence, ransomware trends, and nation-state activity across the Middle East and North Africa. With over 12 years of experience in SOC operations and incident response, he provides deep technical breakdowns of emerging attacks and regional cyber risks. At MENA Cyber Wire, Omar focuses on real-world threat analysis and actionable defense strategies for enterprises and startups.