In an era of increasing digitalisation, understanding the significance and impact of cybersecurity has become paramount. The global cyber threat has become considerably more complex, with state actors and criminal groups operating in increasingly sophisticated ways. According to estimates reported by Cybersecurity Ventures, the financial losses resulting from cybercrime around the world are projected to reach 10.5 trillion (USD) annually in 2025, and global spending on cybersecurity is expected to amount to 1.75 trillion (USD) between 2021 and 2025. The proliferation of threats has compelled companies and institutions to prioritise cybersecurity measures. As cybersecurity and cyber resilience analyst, Federica Nisticò observed that ‘cyber threats are not a matter of if, but a matter of when,’ echoing the famous maxim of former Cisco CEO John Chambers, who argued that ‘there are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.’

Beyond the economic toll, the growing incidence of cyberattacks targeting government institutions has elevated cybersecurity to a matter of national security. In this context, GCC countries are redefining cybersecurity paradigms in response to a worrying and new threat landscape. According to Dr Mohamed Al Kuwaiti, Head of the UAE Cyber Security Council (CSC), the average cost of cyberattacks in GCC countries is $6.93 million (USD) per incident, which is $4.2 million (USD) higher than the global average. During the GITEX 2024 event in Dubai, Al Kuwaiti further emphasised the severity of the situation by noting that the UAE experienced 71 million cyberattacks during the initial quarter of 2024.

In this context, countries in the region have embarked on an ambitious process of strengthening digital defences, placing cybersecurity at the centre of the political and economic agenda. The head of the CSC stated that UAE investments in the sector amount to more than $2 billion (USD) and reiterated the crucial role of the new five-year UAE National Cyber Security Strategy, approved in February 2025. This strategy was made to foster a secure and resilient digital ecosystem and it has been built on five key pillars: governance; protection; innovation; capacity building; and partnership. Each pillar aims to enhance the ability to safely adopt emerging technologies while contrasting associated risks.

A core element of the strategy is its emphasis on cyber resilience—a concept that extends beyond traditional cybersecurity. As Nisticò explained, cyber resilience can be conceptualised as ‘what is left after criminals have breached the guarding walls erected by cybersecurity’ and ‘the system that allows us to protect the crown jewels in the castle.’ Adopting a pragmatic approach, recognising that ‘cyberthreats are not a matter of if, but a matter of when,’ cyber resilience emphasises the ability of an organisation to function effectively during and after a cyber attack, ensuring swift recovery and effective incident management. This strategic and long-term vision has enabled the UAE to rank among the top-scoring member countries of the UN in the International Telecommunication Union’s Global Cybersecurity Index 2024.

Partnerships form a cornerstone of the UAE’s National Cybersecurity Strategy. In a March 2025 interview for Economy Middle East, Al Kuwaiti remarked how ‘due to the transnational nature of cyber threats, international cooperation is indispensable for sharing intelligence, resources and best practices.’ Regionally, cooperation is enshrined in the 2022 GCC Ministerial Committee for Cybersecurity developed to create safe cyberspace environment to protect the GCC countries from cyber threats. To deepen this effort, the Committee launched the Gulf Cybersecurity Strategy 2024-2028 in 2024.

A notable initiative in the broader MENA region is “Crystal Ball”—an intelligence-sharing platform launched in 2024 through a joint effort between the UAE CSC and the Israeli National Cyber Directorate. This platform is part of the framework of the International Counter Ransomware Initiative (CRI), introduced under the auspices of the US and composed of 68 member countries. It has already enabled the sharing of crucial information on attacks perpetrated by the Russian hacker group Lockbit and APT42, an Iranian state-sponsored cyber espionage actor.

The UAE’s commitment to securing its cyberspace is driven by the understanding that investment in this sector offers significant potential for growth. Indeed, in 2024 the GCC cybersecurity market size reached 5.7 billion (USD) and, according to IMARC Group estimates, will reach 9.0 billion (USD) by 2033, exhibiting a growth rate of 5.1% over the period 2025-2033, In this way, by aligning security with economic opportunity, the UAE is turning cybersecurity into a catalyst for regional growth and innovation.