Head of the UAE Government Cybersecurity Council, Dr. Mohamed Hamad Al Kuwaiti, has confirmed that the UAE has a sophisticated and interconnected national cybersecurity ecosystem that has the potential to detect and mitigate digital threats with the highest efficiency.
“Over 90,000 to 200,000 breach attempts strike the UAE infrastructure every single day,” Al Kuwaiti told the Emirates News Agency (WAM), citing that all are proactively affecting without impacting service continuity or data security.
He noted that there have been 128 certifiable cyber threat events on entities in the UAE since the start of 2026, and these events include ransomware attacks, government breaches, and data leaks or breach incidents.
He emphasized that every incident was handled on the basis of collective national response guidelines in order to induce quick containment and risk reduction.
Al Kuwaiti stated that one of the sectors that were highly targeted was the government administration, the financial services, and banking, among other vital sectors. There were threats of website defacement, data leakage, data breach, initial access, ransomware, denial-of-service (DDoS), state-sponsored/APT, and others.
Al Kuwaiti reported a threat intelligence analysis indicating that a high percentage of these attacks were initiated by state-sponsored advanced threat groups, along with cybercriminal activities and hacktivist groups.
These are constantly monitored and tracked by national monitoring systems in liaison with the concerned authorities.
Speaking on rumors available online and the application of deepfake technologies, he stated that there was active use of these threats to undermine the confidence of people, control the market, and ruin the international image of the country.
He added that the UAE is constantly keeping an eye on efforts to post misleading or fake information, especially in the financial, economic, and banking industries, or the use of the names of official government figures.
Al Kuwaiti further stated that the number of deepfake cases concerning the UAE is not official, but falsified videos increasingly find their application, such as content featuring public personalities advertising fraudulent activities or delivering unjustified verdicts, to destroy trust in the population, manipulate markets, and damage the international reputation of the country.
He added, “Regional geopolitical tensions across North Africa, the Gulf, and broader Middle East information spaces have intensified online narratives targeting the UAE. Conflict-driven discourse, diplomatic friction, and AI-enabled disinformation activity have increased rumor propagation and hacktivist mobilization across regional digital ecosystems.”
He mentioned that 21 actively monitored APT groups of threat actors and 60 distinct hacktivists and cybercriminal actors suggest that the UAE infrastructure attacks are mainly launched in Asia, Europe, and South America.
By continent-level disaggregation, Asia is home to about 66.7 percent of state-sponsored actor origins, Europe to 14.3 percent, and Middle Eastern or cross-regional actors comprise the rest.
Regarding the operational networks, 49.2 percent, 40.6 percent, and 10.2 percent of the tracked incidents were organized through Telegram, open web (forums and marketplaces across global geographies), and Tor-based dark-web infrastructure (mostly related to ransomware ecosystems).
Al Kuwaiti articulated that the UAE is dealing with these threats by having an integrated technical and legislative system, which involves early warning, sophisticated content analysis, social awareness, and the establishment of regulatory mechanisms of artificial intelligence to restrict its abuse.
A national strategy for 2025-2031, adopted in February 2025, is a comprehensive plan to enhance cybersecurity in the country.
He also mentioned the centralized National Security Operations Centre, which is a linking point in monitoring alerts and detecting threats at various operations centers around the country, facilitating the sharing of real-time threat intelligence, and coordinating responses.
Regarding the types of cyberattacks, he said defacement accounted for 38.3 percent of total incidents, followed by data leaks at 25.8 percent, data breaches at 13.3 percent, initial access at 10.2 percent, ransomware attacks at 7.8 percent, and DDoS attacks at 4.7 percent.
He reported that state-sponsored/APT accounted for 71.4 percent of tracked threat actors (15 of 21 groups), while eCrime/Criminal of tracked threat actors and hacktivist groups each represented 14.3 percent.
Al Kuwaiti stated that Government Administration was first in the most targeted areas with 9.4 percent, then Financial Services & Banking with 9.3 percent, and Real Estate with 5.5 percent.
Construction & Engineering contributed 4.7 percent, Professional Services, and Transportation and Logistics 3.9 percent each, and Hospitality and Tourism, Education, and Marketing and Advertising each recorded 3.1 percent.
However, the Luxury Goods & Jewellery, architecture and planning, and management consulting each stood at 2.3 percent.
Al Kuwaiti confirmed that the UAE remains committed to nurturing and developing national talent in cybersecurity using specialized programmes, leadership programs, and competitive training programs, as well as making efforts to cement innovation and entrepreneurship in the critical sector, which enhances digital sustainability and national security.
On global collaboration, Al Kuwaiti remarked that the UAE pursues an active policy of enhancing regional and international collaboration in the field of cybersecurity through multilateral avenues and bilateral arrangements as the exchange of threat intelligence, cooperation in incident response, and the amplification of digital resilience.
He emphasized that this strategy indicates the national desire to keep its national cyberspace safe and, at the same time, responsible international cooperation to counter cross-border threats under a balanced framework supporting national sovereignty and viable international cooperation.
