Safeguarding Data During Uncertain Times: Cybersecurity Priorities For The GCC

Heightened geopolitical tension is commonly accompanied by a measurable increase in cyber risk. In February 2026, Dr Mohamed Hamad Al Kuwaiti, Head of the UAE Cybersecurity Council (the Council), announced that “over 90,000 to 200,000 breach attempts strike the UAE infrastructure every single day”, highlighting the need for an advanced and proactive cybersecurity ecosystem to counter digital threats.¹ Other authorities outside the Gulf Cooperation Council (GCC), such as the UK National Cyber Security Centre (NCSC) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA), have consistently warned that periods of instability are exploited by threat actors to intensify both opportunistic and targeted cyber activity.² (see Akin’s alert on CISA’s warning of ongoing cyber activity targeting U.S. critical infrastructure in light of the regional developments here). These advisories build on prior government guidance highlighting both the significant consequences of cyber incidents and the need for vigilance against cyber risks. Such guidance includes, for example, the U.S. Bureau of Industry and Security’s warning that the theft of export-controlled information from a company’s computer systems by foreign cyber actors poses a serious threat to national security interests, as well as to a company’s competitive lifeblood—its intellectual property.³ For organisations operating across the GCC and the broader Middle East and North Africa region, this evolving environment warrants immediate attention at both the technical and governance levels. We summarise below key risks and set out practical steps to help mitigate exposure.

5 Key Takeaways

As further discussed in this alert, GCC organisations should prioritise the following actions:

1. Reassess cyber risk exposure in light of current geopolitical volatility and the increasing convergence of cyber and state-aligned threat activity.
2. Implement immediate technical safeguards, particularly around identity and access management, monitoring and phishing resistance controls.
3. Address AI as an emerging cyber risk and governance issue, ensuring appropriate controls, employee awareness and oversight of both the risks and benefits of AI-enabled tools.
4. Test and strengthen incident response, business continuity and recovery capabilities.
5. Enhance governance and broader risk management, including stronger board-level oversight of cyber risk and continuous monitoring of third-party and supply chain risks.

Elevated Risk Environment

Periods of geopolitical uncertainty tend to correlate with increased activity by state-aligned and politically motivated actors, greater targeting of strategically significant industries and regions, a rise in opportunistic cyber incidents (including ransomware and phishing), and spillover effects from global cyber campaigns impacting regional operations. The World Economic Forum has identified geopolitical instability as a primary driver of global cyber risk escalation, with 64% of organisations reporting exposure to geopolitically motivated cyberattacks and 91% of the largest organisations changing their cybersecurity strategies as a result of geopolitical volatility.^4 5 Geopolitical risk is now a significant factor shaping cyber defence, particularly as global organisations with employees across jurisdictions are inherently more exposed to geopolitical volatility. This trend is reflected in regional investment patterns: in Saudi Arabia, the National Cybersecurity Authority reported that cybersecurity spending reached SAR 15.2 billion in 2024, with the sector contributing SAR 18.5 billion to GDP, underscoring the growing scale and strategic importance of cyber risk across the region.⁶ Given the GCC’s concentration of critical infrastructure, energy assets, financial institutions, and global logistics hubs, organisations in the region may face heightened exposure.

Key Cyber Threat Trends Affecting GCC Organisations

Recent intelligence reporting highlights several consistent themes:

State‑aligned and politically motivated cyber activity: There has been increased state-aligned and politically motivated cyber activity. Sophisticated actors continue to target organisations in strategically important regions, including the GCC, often focusing on disruption, intelligence gathering, or influence. Recent incidents such as the March 2026 cyberattack on Stryker⁷ demonstrate that such actors may deliberately erase devices and destroy data to cause disruption or advance geopolitical objectives, even where there may be no clear economic benefit. Earlier this year, the Head of the Council commented that threat intelligence analysis demonstrates that a significant portion of the attacks against entities in the UAE have been carried out by state-sponsored advanced threat groups, together with so-called hacktivist groups and cybercriminals.⁸ In February 2026, the Council also announced that the national cybersecurity system had successfully thwarted “organised cyber-attacks of a terrorist nature” that targeted the UAE’s digital infrastructure and critical sector in an “attempt to destabilise the nation and disrupt essential services”.⁹ These developments underscore that cyber threats in the region are not only increasing in volume but are becoming more coordinated, strategic, and closely tied to broader geopolitical objectives.

Targeting of critical and systemically important sectors: There has been clear targeting of critical sectors. For example, energy, utilities, financial services, and transport/logistics remain priority sectors due to their systemic importance. Indeed, the Head of the Council noted that since the beginning of 2026, 128 cyber threat incidents targeted entities across the UAE, with government administration, financial services and banking being among the most targeted sectors (accounting for 9.4% and 9.3% of cyberattacks, respectively).¹⁰

Ransomware and data exfiltration risks: Ransomware and data exfiltration have increased with ransomware attacks increasingly involving data theft and extortion, creating legal and regulatory exposure alongside operational disruption. For example, Cyble (a global AI-native cybersecurity company specialising in threat intelligence and digital risk protection) reported that ransomware groups targeting GCC nations have intensified in 2024 and 2025 with such actors being well versed in exploiting vulnerabilities and ransomware as a service (RaaS) models.¹¹ The Council also warned of the rising risks associated with remote working, noting that remote-work related cyber incidents have increased by over 40% in recent years as hackers pivot to targeting home environments in addition to central systems.¹²

Heightened supply chain and third‑party exposure: Supply chain and third-party risk is further heightened, with vulnerabilities in vendors and service providers continuing to provide entry points for attackers. National regulators in GCC have recognised this risk in formal cybersecurity controls and compliance frameworks: Saudi Arabia’s National Cybersecurity Authority’s Cloud Cybersecurity Controls explicitly require risk assessments, documentation and compliance verification for third‑party providers.¹³ Similarly, Bahrain’s National Cyber Security Center has established comprehensive baseline cybersecurity controls that impose detailed requirements for third-party risk management. These include obligations to define security requirements in contracts with third parties, conduct risk assessments for outsourced services, and monitor and audit third-party activities to ensure compliance with agreed cybersecurity standards.¹⁴ In the financial sector, the Abu Dhabi Global Market’s Cyber Threat Report highlights that adversaries exploit vulnerabilities in third‑party systems to gain unauthorized access to institutional networks, further demonstrating that supply chain compromise is a real attack vector being tracked by regulators.¹⁵

Increasingly sophisticated attack techniques, including AI‑enabled threats: Recent years have witnessed increasingly sophisticated attack methods. For example, threat actors are leveraging automation and artificial intelligence (AI) to enhance phishing, credential harvesting, and attack scalability. Whilst certain AI tools create opportunities to enhance cyber defenses, other AI tools have been used maliciously to create more sophisticated malware, automate phishing and social engineering attacks, making it easier for threat actors to execute their attacks. Deepfake enabled voice and video impersonation is increasingly being used to support payment fraud and business email compromise, particularly where senior executives or government linked entities are targeted. The Council has reported that recent cyber incidents targeting the UAE involved the use of AI to develop sophisticated offensive tools. According to the UAE Cybersecurity Council, these campaigns included systematic phishing operations, ransomware deployment, and coordinated attempts to infiltrate national platforms, reflecting a “qualitative shift” in the methods and capabilities of threat actors.¹⁶ This further emphasises the need for organisations to treat AI and associated cybersecurity and privacy risks as an operational resilience issue, with clear and comprehensive governance structure, employee training, and technical controls to prevent inadvertent disclosures and ensure compliance with data protection obligations.

Recommended Actions

In light of the above, organisations should consider promptly taking certain measures, both immediately and in the short to medium term.

Immediate Actions to Reduce Immediate Exposure

Akin recommends the immediate actions below as a starting point for resilience to targeted cyber-attacks:

• Enforce multi-factor authentication across critical systems
• Review and strengthen identity and access management controls
• Review cyber insurance coverage against evolving threat scenarios and engage with policy providers regarding “Acts of War” exclusions (as applicable)
• Implement or refine network segmentation
• Accelerate patch management and vulnerability remediation
• Implement email authentication controls and disable legacy authentication controls that may be exploited
• Enhance monitoring, detection and response capabilities (including implementing endpoint detection and response across all endpoints)
• Engage specialised cybersecurity support where appropriate

In addition to the immediate risk mitigation steps outlined above, organisations may also wish to reflect on broader short‑ and medium‑term considerations relevant to preparedness, resilience and recovery in light of the evolving threat landscape. These steps may include, for example, testing and updating incident response plans and strengthening backup and recovery arrangements.

Governance, Legal and Regulatory Oversight Measures: Actions for Senior Management and Boards

Cyber risk is increasingly a matter of board-level accountability across GCC jurisdictions. Senior management should therefore:

• Ensure that cyber risk is integrated into enterprise risk management frameworks, with clear reporting and escalation mechanisms. In Bahrain, the National Cyber Security Center’s baseline cybersecurity controls explicitly provide that senior management should be held accountable for the cybersecurity function, including defining and approving the scope of penetration testing, approving and owning a specific cybersecurity policy and being aware of risks associated with using applications with vulnerabilities.¹⁷
• Actively identify where cybersecurity weaknesses lie, ensure that cybersecurity systems and controls have been implemented and keep informed about the effectiveness of these systems and controls and the need for updates or changes.
• Ensure compliance with applicable cybersecurity and data protection frameworks, which continue to evolve across the GCC.
• Assess contractual exposure under customer, supplier and outsourcing agreements, particularly where service levels or data protection obligations are affected.
• Ensure effective incident response, including timely notification and stakeholder communication.

More generally, increasing employee awareness, particularly regarding cyber risks, can help mitigate risks. For example, in April 2026, the Council warned of increased cyber risks associated with email fraud (with 75% of cyber breaches reportedly beginning with a phishing email or fraudulent message), emphasizing the importance of exercising diligence when receiving emails.¹⁸ The Council reiterated that the “human element remains the first line of defence” with individual awareness and prompt reporting of attacks serving to protect digital systems.¹⁹ The Saudi Arabia National Security Authority reported that there were over 21,000 cybersecurity professionals in Saudi Arabia as of 2024, highlighting the human capital required to manage evolving risks across critical infrastructure and supply chains.²⁰

Footnotes

1. https://www.wam.ae/en/article/byswxn8-714-cyber-threats-targeting-uae-state-sponsored 

2. https://www.ncsc.gov.uk/news/ncsc-issues-warning-over-hacktivist-groups-disrupting-uk-organisations-online-services; https://www.cisa.gov/news-events/alerts/2025/06/30/cisa-and-partners-urge-critical-infrastructure-stay-vigilant-current-geopolitical-environment 

3. https://www.bis.gov/media/documents/dlthty-nov-2024-1-7-25 

4. https://www.weforum.org/publications/global-cybersecurity-outlook-2026/in-full/executive-summary-6efae97d74/#executive-summary-6efae97d74 

5. https://www.weforum.org/publications/global-cybersecurity-outlook-2026/in-full/3-the-trends-reshaping-cybersecurity/ 

6. https://nca.gov.sa/en/news/1942/ 

7. https://www.stryker.com/us/en/about/news/2026/a-message-to-our-customers-03-2026.html#:~:text=from%20Stryker's%20environment .-,03/19/2026%205:54%20p.m.%20ET,systems%20and%20associated%20applications%2C%20including

8. https://www.wam.ae/en/article/byswxn8-714-cyber-threats-targeting-uae-state-sponsored 

9. https://www.wam.ae/en/article/byup8x8-uae-cybersecurity-council-announces-systematic 

10. https://www.wam.ae/en/article/byswxn8-714-cyber-threats-targeting-uae-state-sponsored 

11. https://cyble.com/knowledge-hub/inside-the-gccs-cyber-threats-ransomware-dark-web/ 

12. https://www.wam.ae/en/article/bzbytjt-uae-cybersecurity-council-warns-remote-work-drives 

13. https://cdn.nca.gov.sa/api/files/public/upload/6d5408a3-d8e6-4e96-963b-2c7198e5b7c2_CCC-2-2024-EN-.pdf 

14. https://www.ncsc.gov.bh/assets/images/baseline_cybersecurity_controls_v1_80828fdb7d.pdf 

15. https://assets.adgm.com/download/assets/Cyber+Threat+Report+-+UAE+Financial+Sector+Landscape+%28Full+Paper%29+-+FINAL+%28S%29.pdf/d6966468a65b11ef9529924f4df56ec6 

16. https://www.wam.ae/en/article/byup8x8-uae-cybersecurity-council-announces-systematic 

17. https://www.ncsc.gov.bh/assets/images/baseline_cybersecurity_controls_v1_80828fdb7d.pdf 

18. https://www.wam.ae/en/article/bzkavgz-uae-cyber-security-council-75-cyberattacks-start 

19. https://www.wam.ae/en/article/bzbytjt-uae-cybersecurity-council-warns-remote-work-drives 

20. https://cdn.nca.gov.sa/api/files/public/upload/6abab738-7c27-4692-a2f9-f746e857ada1_Report-on-Key-Economic-Indicators-in-the-Cybersecurity-Sector-2025-.pdf