Global Digital Trust Insights: Middle East findings 2025

15%

of organisations in the region have suffered data breaches costing more than US$100,000
40%

of tech leaders in the Middle East have made data protection their top investment priority
73% point

of organisations in the Middle East view cybersecurity as a strategic asset

As the Middle East advances in AI and cloud technologies, achieving cyber resilience is more critical than ever. Business leaders must integrate robust cybersecurity measures into strategic planning, push for stronger regulatory frameworks, and address emerging risks by leveraging new technologies and investing in resources to secure the future of their organisations.

Introduction

In the Middle East, rapid advancements in artificial intelligence (AI), widespread adoption of cloud technologies and a shifting regulatory landscape - coupled with an expanding IT attack surface - mean achieving cyber resilience is now more critical than ever.

This urgency is underscored by the findings of the 2025 Global Digital Trust Insights: Middle East findings, which has surveyed 121 business and technology leaders from the region. It reveals a robust confidence in the region’s proactive cybersecurity measures, with nearly half of the organisations already have dedicated resilience teams in place – well above the global average.

As the region accelerates its digitisation efforts, fuelled by ambitious national transformation programmes, cybersecurity becomes essential to safeguarding economic growth and innovation. But progress also brings new vulnerabilities and threats. Significant gaps still remain, with many organisations still unprepared for cloud related threats, hack-and-leak operations, and third-party breaches.

Additionally, slow response times and limited collaboration between cybersecurity teams and other business functions expose further risks. While there is a need to integrate cybersecurity into strategic planning at the organisation level, executives must collaborate with regional leaders and push for a stronger unified regulatory framework to mitigate evolving threats and ensure the region’s continued digital success.

Our 2024 report had also identified critical cyber risks, including the need to strengthen controls across all areas, such as identity and access management. Mitigating cyber risks were a top priority for almost half of the regional respondents, even surpassing concerns about macroeconomic volatility, inflation, and geopolitical risks.

Digital and technology risks take centre stage for organisations in the Middle East, with 55% of respondents of our 2025 Digital Trust Insights survey prioritise mitigation of these risks over the next 12 months, compared to 53% globally. Cyber risks follow closely, with 42% of organisations in the region prioritising them for the next year. An equal number focused on inflation (42% vs 48% globally) and macroeconomic volatility (42% vs only 30% globally), significantly higher than 20% of organisations who view geopolitical risks as a key concern.

"Integrating cybersecurity across all business functions and establishing a robust AI framework are pivotal for enhancing regional security and fostering innovation against the backdrop of rapid digitisation we are seeing in the region. Collaboration between business leaders, regulators, and industry peers is essential to create resilient regulations that safeguard economies, organisations, and individuals while driving technological progress in the Middle East."

Samer Omar, Cybersecurity and Digital Trust Leader at PwC Middle EastPwC Middle East Cyber Leader quote

Aligning cyber and business agendas: Middle Eastern business and tech leaders focus on strategy and data protection

Nearly a quarter of Middle Eastern organisations plan to increase cyber budgets by at least 11% in 2025, compared to 20% globally, the 2025 Digital Trust Insights survey reveals interesting differences in investment priorities between business and tech leaders in the region.

Middle East CEOs, CISOs, and boards in sync

In the Middle East there is a significant emphasis on cybersecurity and privacy at both executive and board levels, with greater involvement from leadership compared to global counterparts.

41% of regional respondents reported that their CEOs were involved in discussions about the cyber and privacy implications of new business initiatives, higher than their global counterparts. Findings also reveal that CEOs discussed cyber and privacy concerns for future corporate strategies, major operating model changes, as well as deal making.

A significant 61% indicated that their CISOs were involved to a large extend in strategic planning with CFOs about cyber investment, higher than 47% globally. More than half revealed that CISOs also had regular meetings with the board, compared to 46% globally. An equal percentage said the CISO had oversight on tech and infrastructure deployment, higher than 45% globally.

At the highest level, the board, 50% agreed that the board was very effectively involved in cyber strategy, higher than 47% globally. More than half also said the board had a cyber risk oversight, compared to 46% globally.

The strong involvement of CEOs, CISOs, and boards in Middle Eastern organisations reflects a proactive approach to integrating cybersecurity into strategic planning, making them more resilient to evolving threats. Additionally, the collaboration between CISOs, CFOs, and boards fosters a holistic approach, aligning financial, technical, and risk management perspectives, resulting in better budgeting, strategic investments, and faster technology adoption.

Organisations look to GenAI and emerging technologies to continue strengthening cyber defence

At a time of heightened cybersecurity concerns in the Middle East, teach leaders are anticipating GenAI’s positive impact on cyber defence. In our Middle East GenAI spotlight, a staggering 83% of Middle East respondents (including 92% in the UAE and 87% in the KSA) had revealed that their organisations would deploy GenAI tools for cyber defence within the next 12 months, compared to 69% globally. Since GenAI can help by bringing together data from various sources, it can help organisations to quickly identify vulnerabilities, prioritise actions and see connections across the entire attack surface.

GenAI, therefore, continues to gain traction as a means of cyber defence across the Middle East. Our latest survey respondents in the region have prioritised it for malware and phishing detection (52%), threat detection and response (46%), security log analysis, and vulnerability management (both at 39%) over the next 12 months. Fraud detection has emerged as a key use case for GenAI in the Middle East’s financial services sector.

Building cyber resilience: A strategic approach to growth and security

Cyber resilience a critical strategy for organisations to protect its digital assets. It acknowledges that no system, regardless of its strength, is immune to vulnerabilities and focuses on an organisation’s ability to sustain core operations not only during a cyberattack but also throughout the recovery process.

In the Middle East, organisations increasingly view cybersecurity as a strategic asset, positioning it as a competitive advantage to build customer trust (73% vs 57% globally), drive brand integrity and loyalty (64% vs 49% globally) and strengthen business growth opportunities (52% vs 46% globally) to a large extent.

Regulation and leadership: Driving cybersecurity resilience through robust governance

Given the increasing speed in which cyber attackers are now exploiting security vulnerabilities, compliance with evolving cybersecurity regulations is a top priority for Middle Eastern organisations.

In our latest survey regional respondents have shown a greater confidence (extremely and very confident) in their organisation’s ability to comply with regulations related to data protection (72%), consumer privacy (68%) and network and information security (68%), than their global counterparts. Findings have also revealed that a quarter of respondents regionally (25%) have expressed only moderate confidence in their organisation’s ability to comply with AI- and resilience-related regulations, implying that more needs to be done in this area.

About the survey

The 2025 Global Digital Trust Insights is a survey of 4,042 business and technology leaders conducted in the May through July 2024 period.

A quarter of leaders are from large companies with $5 billion or more in revenues. Respondents operate in a range of industries, including industrials and services (21%), tech, media, telecom (20%), financial services (19%), retail and consumer markets (17%), energy, utilities, and resources (11%), health (7%) and government and public services (4%).

Respondents are based in 77 countries. The regional breakdown is Western Europe (30%), North America (25%), Asia Pacific (18%), Latin America (12%), Central and Eastern Europe (6%), Africa (5%) and Middle East (3%).

The Global Digital Trust Insights Survey had been known as the Global State of Information Security Survey (GSISS). Now in its 27th year, it’s the longest-running annual survey on cybersecurity trends. It’s also the largest survey in the cybersecurity industry and the only one that draws participation from senior business executives, not just security and technology executives.

PwC Research, PwC’s global Centre of Excellence for market research and insight, conducted this survey.