Email Security

    State of Email Security 2023: Cyber Risks Grow in UAE, Saudi Arabia

    Digital transformation and increasing cyber risk go hand-in-hand in the United Arab Emirates and Saudi Arabia, according to Mimecast’s annual report.

    by Werner Gevers

    Key Points

    • Cybersecurity is playing a key role in economic transformation efforts in the UAE and Saudi Arabia.
    • Survey respondents in the Gulf states are concerned about the growing complexity and volume of cyberthreats.
    • Increasing usage of email and collaboration technologies has expanded the attack surface for companies in the region.

    Technology leaders in the United Arab Emirates (UAE) and Saudi Arabia are preparing for a future in which today’s cyberthreats may seem relatively tame.

    In the last few years, the UAE has been working to transform its economy by increasing digitalization and focusing on knowledge-based industries. Saudi Arabia, meanwhile, has been investing heavily in so-called “giga projects” to stimulate broader economic growth and develop the Kingdom’s digital infrastructure.[1] Digital transformation in the region has had the unintended (but not surprising) effect of increasing the cyberattack surface. And the rapid pace at which these changes have been occurring has left cybersecurity an afterthought in many cases, according to IT decision makers in the two Gulf states.

    The challenges of balancing increased digitization and the attendant growth in cyber risk and complexity are reflected in Mimecast’s new State of Email Security 2023 (SOES 2023) report. Drawing on a survey of CISOs and other IT professionals in late 2022 across 12 industrial sectors and 13 countries, the report examines the primary source of cyberattacks — email — as well as rising threats associated with the use of collaboration platforms. 

    More respondents in the UAE are concerned about the increasing sophistication of email attacks than any other country surveyed other than the United Kingdom. And well over half of those in Saudi Arabia cite the increasing volume of email attacks as a major challenge.

    These and other regional findings from the global SOES 2023 survey further a discussion of cyber risk and defenses in the Middle East at a time when cybersecurity concerns have caused about two-thirds of companies in the UAE and Saudi Arabia to postpone or even cancel a digital transformation initiative.[2] To ensure the smooth path to digitization and thus innovation and progress, both Middle Eastern countries are looking to education, collaboration, technology, and security awareness training to counter not only the threats in front of them today, but also the ones that are sure to increase in size and complexity in the future.

    Top-Level SOES 2023 Findings: Email Volumes, Attacks Grow 

    The UAE and Saudi Arabia are not alone in the threats they face and the manner they are dealing with them, but there are some ways in which their responses set them apart from the rest. An overwhelming majority of respondents in both countries — 86% in Saudi Arabia and 84% in the UAE — indicate that it’s likely their organization will suffer a negative business impact from an email-borne attack in 2023. Only respondents from France (86%) and the U.S. (80%) have a similar percentage of respondents saying as much. Interestingly, however, Saudi Arabia was the only country in the survey with no respondents indicating that such an impact was inevitable.

    Other notable results point to:

    • More Email: Around nine in ten respondents in both the UAE and Saudi Arabia report increasing volumes of email over the previous year. That’s higher than the 82% average among respondents globally as well as an increase over the previous year.
    • Increased Threats: More email naturally leads to more email-based threats. Around three-quarters of UAE respondents say that that email-borne threats had risen during the previous 12 months, an increase from the 68% who said so in the prior year’s survey. In Saudi Arabia, two-thirds of respondents note a rise in email threats during the previous year, up from 58% who reported an increase in the 2022 report.
    • Greater Complexity: Seven in 10 UAE respondents say the growing sophistication of cyberattacks will be one of their organizations’ biggest security challenges in 2023 — the second highest percentage globally behind the U.K. (73%). In Saudi Arabia, 46% of respondents cite this challenge.
    • More Attacks Ahead: Fifty-eight percent of respondents in Saudi Arabia say that increasing volumes of cyberattacks will be one of their major challenges in the year ahead, while 46% of UAE pros say so.
    • Ongoing Ransomware Impact: The majority of Middle East respondents note some business impact from ransomware over the last year. However, fewer respondents in Saudi Arabia reported a ransomware impact in the SOES 2023 report (66%) than did in the SOES 2022 report. Conversely, the percentage of UAE respondents whose company was impacted by ransomware rose from 60% in the SOES 2022 report to 72% in the SOES 2023 report.
    • Insufficient Funding: Around six in ten respondents in Saudi Arabia and the UAE say their companies should spend more on cybersecurity, in line with results from around the globe. However, the gap between current and ideal spending is slightly smaller than in other regions at between five and six percent. 

    Collaboration Tools Represent a Rising Threat

    It’s clear that IT and cybersecurity leaders have a lot to worry about when it comes to email, but they must also devote security resources to another growing threat: collaboration tool compromise. M365, Google Workspace, and Slack help enable workers to communicate, share documents, and manage projects, especially in hybrid and remote work environments. SOES 2023 survey respondents — including those in Saudi Arabia and the UAE — overwhelmingly agree that collaboration tools are essential to the well-ordered functioning of their companies. 

    Cyberattackers have jumped on this opportunity, and more than eight in 10 respondents in Saudi Arabia and the UAE expect their companies to be harmed by an attack linked to a collaboration tool. Respondents indicate that end-users will play a role in the amount of risk these tools carry, with around one-third of those in Saudi Arabia and the UAE saying that there is a high or extremely high risk of an employee making a security mistake while using collaboration tools.

    Fighting Cyber Fire with Fire

    Companies around the globe expect cybercriminals to continue to take advantage of increasingly sophisticated capabilities, like machine learning and AI, to develop even more efficient ways to infiltrate corporate systems and wage social engineering attacks. But what’s good for cybercriminals is even better for companies defending against them.

    In fact, 100% of respondents in both the UAE and Saudi Arabia say their organizations is currently using machine learning or AI in their cybersecurity programs or plan to in the next year or beyond, compared with 92% of respondents overall. However, the most important benefits for respondents vary by country. UAE companies cite reduced human error within the wider company and reduced workload for the cybersecurity team as most valuable, while those in Saudi Arabia point to increased threat detection accuracy and faster threat remediation time. 

    Cognitive capabilities aren’t the only investments being made to increase cybersecurity and resiliency in the Middle East region. The UAE, for example, is planning to significantly increase cybersecurity skills capacity. The recently announced Cyber Pulse Innovation Lab at Abu Dhabi Polytechnic is designed to train students to recognize and respond to emerging cyberthreats and to help fill the country’s high demand for cybersecurity jobs.[3] In Saudi Arabia, the minister of communication and information technology is calling for greater reskilling in the face of cyberattacks that leverage emerging technologies such as quantum computing.[4]

    National and international collaboration will also be key for the UAE and Saudi Arabia. 

    For example, the United States and four allies in the Middle East (including the UAE) and North Africa recently announced that they are formally expanding the 2020 Abraham Accords to include increased information sharing on cybersecurity threats.[5] The announcement came about six months after President Joe Biden’s trip to the Middle East, during which he pledged support to improve cyber cooperation with Saudi Arabia and Israel.[6]

    The Bottom Line

    The UAE and Saudi Arabia are attempting to transform their economies. Their ability to do so — and the pace at which they can do it — will depend largely on their cybersecurity and resiliency. Email and collaboration tools continue to grow in usage and as prime targets for cybercriminals. UAE and Saudi Arabian respondents to the SOES 2023 survey note the importance of increasing their cyber defenses — and budget — in these and other areas. Read the global State of Email Security 2023 report to learn more.


    [1]Saudi Giga Projects,” Public Investment Fund

    [2]Bridging the Divide: Digital Transformation and Cybersecurity in Saudi Arabia and United Arab Emerites,” Mimecast

    [3]UAE Building Cyber Security Fortress for a Safer World,” Business Chief

    [4]World Needs New Tack against Emerging Cyber Threats,” Arab News

    [5]The Abraham Accords Expand with Cybersecurity Collaboration,” The Washington Post

    [6]US, Middle Eastern Allies Include Cyber Collaboration in Abraham Accords,” The Hill

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Haut de la page