A new report warns that Middle East governments' push to digitise critical infrastructure and citizen services, along with the effects of rising geopolitical tension, mean that cybercrime activity in the region is likely to “increase in scale and complexity”.
The report, compiled by cyber threat research firm Positive Technologies, also noted that social engineering – the process by which cyber criminals convince people to share personal data – was one of the most popular cyber crime tactics, resulting in successful attacks throughout the region.
Malware, denial-of-service (DDoS) attacks and the exploitation of cybersecurity loopholes were also among the methods used for cyber crimes in the Middle East.
Positive Technologies – which analysed data from Bahrain, Egypt, Israel, Jordan, Iraq, Yemen, Qatar, Kuwait, Lebanon, the UAE, Oman, Palestine, Saudi Arabia and Syria between 2024 and the first quarter of 2025 – said that the report is likely to be an underestimate of the true extent of threats in the region, due in part to social stigma.
“We estimate that most cyberattacks are not made public due to reputational risks,” it said.
“As a consequence, even companies specialising in incident investigation and analysis of hacker activity are unable to quantify the precise number of threats.”
Among the entities most affected by cybercrime throughout the region, governments ranked near the top, followed by manufacturing facilities, individual users and military groups.
The report also warned that the dark web, part of the internet not readily visible by search engines and often requiring the use of an anonymous browsing software to access, also posed threats to regional countries. The study noted that the UAE, Saudi Arabia, Israel and Qatar were among the countries most mentioned on the dark web. These countries lead the region in the digitisation of government services.
“The large number of listings offering stolen data from these countries underscores the challenge of securing a rapidly expanding digital landscape, something cybercriminals are heavily exploiting,” the analysis said.
Positive Technologies forecast that as a result of AI and high-performance semiconductors, the knowledge threshold for those seeking to commit cyber crimes had been lowered, adding to the overall likelihood that the region would see an increase in criminal cyber activity.
“Governments in the Middle East should pay close attention to malicious activity targeting critical infrastructure, financial institutions and public agencies, as such threats may lead to serious consequences for national security and state sovereignty,” the report said.
In recent months, the UAE, one of the biggest advocates for the digitisation of government services in the Middle East, announced efforts to bolster defences against cyber crime.
Government officials in the country recently announced the creation of a Cyber Security Centre of Excellence, with support from Google.
That centre is expected to involve the creation of more than 20,000 jobs and help to attract foreign investment estimated at $1.4 billion by 2030.
In an interview with The National last month, Mohamed Al Kuwaiti, head of the UAE's Cybersecurity Council, said that not only was the UAE committed to leading in the fight to bolster cyber security, but it was also pushing to be a “net exporter of cyber security talent”.
“Our goal is to empower every individual – from CEOs to students – to understand their role in safeguarding the digital space,” he said.
