Middle East organisations most confident of their cyber resilience

Organisations in the Middle East are the most confident when it comes to tackling major cyber incidents, according to a new World Economic Forum report. Nearly 72 per cent of organisations in the region are confident of their ability to thwart significant cyber attacks – ahead of North America (65 per cent), Oceania (50 per cent), Europe (50 per cent), Asia (40 per cent), Africa (36 per cent) and Latin America (18 per cent). The findings come as the forum highlights growing challenges in cyberspace, driven by escalating complexities. In its Global Cybersecurity Outlook 2025 report, the WEF emphasised that these complexities are widening the gap between large and small organisations, as well as between developed and emerging economies. While 54 per cent of large organisations cite supply chain interdependencies as their top cyber resilience barrier, 35 per cent of small organisations believe their defences are inadequate – a seven-fold increase since 2022. Disparities across regions are also stark. Only 15 per cent of respondents surveyed in Europe and North America lack confidence in their countries’ abilities to counter major cyber incidents, compared to 36 per cent in Africa and 42 per cent in Latin America. The public sector is disproportionately affected, with 38 per cent of respondents reporting insufficient resilience, compared to just 10 per cent of medium-to-large private sector firms. The report is based on a survey conducted between September 2 and October 11, collecting responses from 321 participants across 57 countries. To supplement quantitative findings, 43 one-on-one interviews with C-suite executives, industry leaders, and academics were also conducted. The cyberspace complexity arises from the rapid growth of emerging technologies, prevailing geopolitical uncertainty, the evolution of threats, regulatory challenges, vulnerabilities in supply chain interdependencies and the growing cyber skills gap, WEF found. Geopolitical tensions have significantly influenced cybersecurity strategies, with nearly 60 per cent of organisations adjusting their plans to account for threats such as cyber espionage and intellectual property theft. One in three chief executives now considers these risks to be top concerns, while 45 per cent of cyber leaders are concerned about the disruption of operations and business processes. “Cyberspace is more complex and challenging than ever due to rapid technological advancements, growing cyber criminal sophistication, and deeply interconnected supply chains,” said Jeremy Jurgens, managing director at WEF. He emphasised the need for public and private sector collaboration to enhance resilience. Supply chain complexities have emerged as one of the top risks, intensified by a lack of transparency into suppliers’ security protocols. The report showed how interconnectedness – while critical for global business operations – introduces vulnerabilities that can develop across networks. Major concerns include software weaknesses introduced by third parties, and the ripple effects of cyber attacks. The increasing opaqueness of supply chains creates a risk landscape that is unpredictable and difficult to manage, the report said. These challenges highlight the urgent need for businesses to adopt robust security measures and continuously monitor their supply chain ecosystems, it added. Artificial intelligence is a double-edged sword for cybersecurity. While 66 per cent of organisations expect AI to play a pivotal role in enhancing security measures, only 37 per cent have established processes to evaluate AI tools before deployment. This disconnect poses risks as AI-driven technologies are rapidly integrated into systems without sufficient safeguards. The report also warned of AI’s role in augmenting cyber criminal activities, enabling faster and more targeted attacks. Ransomware attacks and phishing scams have surged, with 42 per cent of organisations reporting incidents in the past year. The evolving threat landscape also reflects an alarming surge in the capabilities of criminals. The growing use of generative AI has made incidents involving ransomware, phishing and social engineering attacks more scalable and sophisticated. Nearly 47 per cent of organisations cited generative AI-powered adversarial advancements as a primary concern, with 72 per cent reporting an overall rise in cyber risks. Although regulatory frameworks are seen as essential for bolstering cybersecurity, their fragmentation across jurisdictions creates compliance challenges. More than 76 per cent of chief information security officers surveyed at WEF’s 2024 annual meeting on cybersecurity reported that the fragmentation of regulations introduces significant compliance challenges. Almost 71 per cent of cyber leaders at the meeting believe that small organisations have reached a critical tipping point where they can no longer adequately secure themselves against cyber risks. Adding to the burden is a widening cyber skills gap. Since 2024, the gap has grown by 8 per cent, with two-thirds of organisations struggling to find the talent needed to meet their security demands. Only 14 per cent of organisations are confident they have the people and skills they need. Public sector organisations are particularly affected, with nearly half reporting insufficient staff to meet their cybersecurity objectives. However, medium-to-large private organisations face fewer workforce shortages, highlighting inequities in cyber resilience. WEF is calling for a shift from traditional cybersecurity approaches to comprehensive cyber resilience strategies that focus on mitigating the impact of incidents rather than solely preventing them. The forum emphasises the importance of assessing risks through a socioeconomic lens, ensuring resources are allocated effectively to address inequities. The need for cross-border collaboration also emerged as a critical theme. Citing the 2022 cyber attacks on Costa Rica, Paula Bogantes Zamora, the country’s Minister of Science, Innovation, Technology and Telecommunications, emphasised the importance of regional partnerships. These attacks “underscored the need for a fundamental shift in recognising cybersecurity as a critical investment for the future”, she said in the report, and called for collective efforts to build resilient systems. WEF’s report emphasises the need for a comprehensive re-evaluation of cyber strategies, with a focus on bridging gaps between regions, sectors and organisations of different sizes.

Middle East organisations most confident of their cyber resilience

World Economic Forum report reveals widening cybersecurity gulf between developed and emerging economies