We received a lot of exciting news from the UAE over the past week. Criminals exposed information about Emirati citizens' brokerage accounts and Wizz Air Abu Dhabi, an airline. The Cyber Security Council has unveiled 5 pillars of the National Cybersecurity Strategy. What will be the point of UEA’s cybersecurity attention in the upcoming years? Let’s dive in!

A major data leak affected the UAE’s citizens. Criminals exfiltrated sensitive personal and financia data from an interactive brokerage platform. According to the news, information includes records about a wide range of accounts, with deposits ranging from $250 to over $100,000.

There is no official statement about the incidents. Preliminarily, the database contains fresh records starting from 2023. Leaked data includes:

• Full names
• Phone numbers
• Email addresses
• Account statuses
• Financial deposit details.

Exposed data can be used for criminal activities such as fraud, identity theft, and financial exploitation. Financial records are particularly valuable to cybercriminals. 60% of data breaches in 2024 involved personal, financial, and medical information.

In addition, the news on another data breach in the UAE was published. Preliminarily, malicious actors exfiltrated 22 GB of confidential information from Wizz Air Abu Dhabi, a low-cost airline operator based in Abu Dhabi. The company has not made any official statements so far. Wizz Air operates in deep integration with the state-owned Abu Dhabi Development Holding.

It is known that sensitive data was put on sale on a darknet website. The dataset contained such information as:

• Company reports and operations
• Employee and client data
• Internal data
• Air operator certificates for employees.

The UAE has been becoming more and more valuable as a target for criminals in the last years. Some adversary groups are motivated by the prospects of financial gains, while others are ideologically driven hacktivists. Cyberattacks are ranging from massive DDoS attacks to sophisticated advanced persistent threats. The United Arab Emirates takes second place in terms of average data breach costs worldwide, with the expenses reaching $8.75 million, according to IBM’s Cost of a Data Breach report.

To address the challenges emerging from constantly evolving cyber landscape, the UAE Cyber Security Council developed the National Cybersecurity Strategy. The full text isn’t publicly available yet, however, the governmental officials disclosed the main points of the program. The strategy is based on five pillars, with each pillar containing a set of initiatives that support the achievement of end goals.

• Strengthening Cybersecurity Governance. The UAE actively forms a legal framework for cybersecurity on different levels—federal, emirate, and sectoral. The goal is to develop a seamless, unified legal field without regulatory overlaps and enhance the transparency of governmental regulation.
• Adoption of Emerging Technologies. In line with the ambitious ‘We are the UAE 2031’ national plan, the United Arab Emirates is aimed at the swift development and integration of advanced technologies such as AI, quantum computing, and IoT. Promotion of information technologies and well-calculated risk management is the UAE’s approach to cybersecurity.
• Building a Secure and Resilient Digital Environment. As criminals are targeting critical infrastructure, the financial sector, government services, and the vast digital economy, the Emirates are enhancing the cybersecurity architecture. For instance, the UAE alone fell victim to 50,000 cyberattacks per day in 2024. That’s why the Emirate’s government invests in the development of Security Operation Centers, a national vulnerability program, and other projects.
• Expanding National and International Cybersecurity Partnerships. Cyberattacks usually have a transborder character. To effectively resist such threats, the UAE is collaborating with private companies around the globe as well as international state partners.
• Developing Cybersecurity Talent and Innovation. The cybersecurity workforce is in high demand. It’s fair for the UAE, the MENA region, and the whole globe. In 2024, there were more than 35,000 cybersecurity specialists needed in the UAE due to a shortage of workforce. The United Arab Emirates is actively launching governmental workforce development programs like Cyber Sniper and Cyber Future Leaders to address this issue. Skilled professionals and a robust cybersecurity structure are the basis of effective and reliable national security.

The UAE pays close attention to the cybersecurity issues. The government is forming legal frameworks to address upcoming challenges and investing in a long-term project. It is expected that in the future, both private entities and state structures will continue to work hard to secure reliable protection against cyberthreats.

Information security is one of the central cybersecurity elements because nowadays data is the key asset for any business or governmental body. It is impossible to ensure data security without the implementation of specialized software and the expertise of experienced professionals. To address these issues, we developed our Managed Security Service. MSS provides holistic data protection and prevention of internal threats, ranging from data leak & corporate fraud prevention to revelation of systematic idleness. On top of that, it enhances compliance with legal demands and assists compliance reporting.