UAE Firms Face Rising Cyber Risks Despite Strong Security Intent, Study Finds

(MENAFN- Khaleej Times) UAE organisations are facing mounting cybersecurity risks despite widespread confidence in their ability to respond to attacks, according to a new global workforce password security study sponsored by Zoho.

The report found that more than 45 per cent of organisations in the UAE experienced a cyberattack over the past year, underscoring the growing vulnerability of businesses as digital transformation and artificial intelligence adoption accelerate across the economy. While most UAE firms say they have tools in place to detect and respond to threats, persistent weaknesses in identity security continue to pose significant risks.

Recommended For You

According to Zoho's State of Workforce Password Security 2026 report, 96 per cent of respondents in the UAE believe they have the necessary cybersecurity tools to respond to attacks, including real-time threat detection and endpoint protections. However, only a minority have full visibility and control over workforce identities, leaving many businesses exposed to credential theft, excessive privileges and unmanaged access.

“UAE is one of the leading countries in digitalisation and AI adoption in the region, which makes it a target for cyberattacks,” said Hyther Nizam, chief executive officer of Zoho Middle East and Africa.“Most enterprises are showing strong security readiness, with proactive and reactive capabilities in place, but identity security remains the most critical gap that organisations need to address.”

The study highlights uneven progress in the adoption of core cybersecurity frameworks. Around 80 per cent of UAE enterprises surveyed said they have a zero trust strategy in place, indicating growing maturity in security thinking. However, only 22 per cent reported fully achieving zero standing privileges, while close to 60 per cent said they were only partially there and 18 per cent admitted they were still not close to meeting that standard.

Basic security controls also remain under-deployed. The report found that more than 45 per cent of UAE organisations have yet to adopt multi-factor authentication or enterprise password management solutions, while over 40 per cent lack identity and access management tools altogether. Adoption gaps widen further for advanced controls such as device management, secure browsers and passkeys.

“Governing who has access to what, and under what conditions, is foundational to modern cybersecurity,” Nizam said.“Without strong identity visibility, organisations leave unnecessary entry points open for attackers, often through compromised credentials or excessive privileges that go unnoticed.”

Despite these weaknesses, investment momentum appears strong. More than 76 per cent of UAE respondents said they plan to increase their cybersecurity budgets over the next five years, reflecting heightened board-level awareness of cyber risks.

Artificial intelligence is also playing a growing role, with 53 per cent of organisations in the UAE already using AI-powered security tools and nearly two-thirds believing AI can significantly enhance security posture. However, the report warns that advanced technologies cannot compensate for gaps in identity governance.

As the UAE continues to position itself as a digital and AI-driven economy, the study concludes that closing identity security gaps will be essential to translating strong security intent into long-term cyber resilience.

MENAFN14052026000049011007ID1111117757