Originally published in CXO Insight Middle East magazine, April 2025
The expansion of the data protection sector across the Middle East has followed the diversification of the region’s economies beyond traditional industries such as oil and gas, logistics, and retail, and the embrace of a digital future.
If organizations fail to protect data, they can incur steep costs due to litigation, loss of brand value, technical fixes, and so on. Conversely, implementing robust protection measures and complying with relevant regulations comes with a range of benefits, such as reduced risk of data breaches and increased trust from investors and customers.
Countries across the Middle East have been demonstrating an increased commitment to the protection of data. However, growing cyber threats, increased dependence on complex supply chains, the pressure of regulatory compliance, and unstable geopolitical situations are contributing to an uncertain cybersecurity landscape in 2025.
Having said that, with this uncertainty comes opportunities for businesses in the region to reshape their processes and emerge as leaders in their industries.
Aftab Saloda, Senior Vice President and Business Head of cybersecurity services at Silverse, shares his insights on data protection and cybersecurity in the Middle East and how organizations can leverage them to power ahead of their competition.
While many regions are experiencing increased data breaches, the Middle East has become a prime target for cybercriminals. “High-value targets such as oil and gas industries and HQs of major businesses are stationed in the region,” says Aftab. “Criminals are also targeting growing businesses, start-ups, and newer businesses such as digital banking and cryptocurrency transactions.”
But the reasons go beyond ideal targets. “Vulnerabilities arise in rapid digital transformation, global mega-events, and outdated systems and software,” Aftab notes.
Data protection trends in the region are rapidly developing in response to both tightening regulations and increasing cyber-attacks.
“The major trends,” says Aftab, “have to do with the adoption of tech. Think zero-trust architecture, data encryption and privacy by design, identity systems modernization, advanced threat intelligence, automated response systems, and using AI/ML for threat detection.”
Additionally, there is an increased focus by governments on corridoring data within country boundaries. Aftab explains, “This helps to ensure sovereignty over data and protect citizens’ privacy.”
While data protection is on the agenda across industries, Aftab highlights that many companies face obstacles in its implementation.
He points out, “Organizations struggle with continuous monitoring and timely incident response. A shortage of skilled cybersecurity professionals, coupled with complex regulatory environments, exacerbates the issue.”
Some challenges stem from the need to balance business priorities. “Striking the right balance between robust data protection measures and user convenience can be difficult,” says Aftab. “Furthermore, the high cost of advanced security solutions can be a deterrent.”
Another hurdle is integrating new technologies with legacy systems. “Adopting cutting-edge technologies while maintaining the functionality and security of older systems can be a complex task,” Aftab explains.
Lastly, there is often a lack of a security-focused culture. “Security is still often an afterthought in local business houses. Their investment in data protection controls is largely driven by enforcement of regulation (resulting in a tick-box approach of focusing on reporting while not addressing underlying issues) or a major security breach in the organization.”
Organizations can begin with several high-impact, easily achievable measures.
“Companies should tighten identity and access management systems and processes, ensure timely software updates and patches, conduct regular security audits and vulnerability assessments, and establish clear data governance policies,” says Aftab.
He further emphasizes the importance of training and awareness to help create a security-conscious culture and reduce human error. “Regularly train employees on cybersecurity best practices, and initiating cyber awareness for the board and leadership to integrate cybersecurity into the core business,” Aftab notes.
Certain laws are crucial to ensure compliance and protect organizational data. Familiarity with these regulations helps to mitigate legal risks and build customer trust.
Aftab points out, “Key laws for familiarization include the UAE’s Personal Data Protection Law (PDPL) and Qatar’s Personal Data Privacy Protection Law (PDPPL).” He further emphasizes, “CEOs and board members should also stay updated on any amendments or new regulations. Understanding the implications of non-compliance is essential for strategic decision-making.”
As data security concerns grow, businesses across the Middle East are focusing on several critical areas, primarily within technology. Aftab notes: “Organizations are increasingly investing in identity and access management solutions, data loss prevention (DLP) technologies to prevent unauthorized data transfers, and cloud security, endpoint protection, and advanced threat intelligence systems.”
While Gen AI can streamline operations, it also comes with a string of potential risks. In a region such as the Middle East, where data security is tied to both corporate competitiveness and national security, the stakes are high.
“Some of the risks,” Aftab points out, “include misuse of sensitive information, non-compliance of AI systems with data protection regulations, data breaches, and AI algorithms inadvertently introducing and exacerbating biases.”
It is important to remember that certain risks circle back to how organizations leverage Gen AI. “There must be accountability and transparency in AI decision-making processes,” Aftab says. “Companies must also address the ethical implications of Gen AI use.”
Cybersecurity readiness refers to an organization’s ability to identify, prevent, and respond to cyber threats. It encompasses cybersecurity processes, technologies, culture, and policies. The more mature the stage of readiness, the better a company is able to prevent and mitigate cyber threats.
In the Middle East, most organizations have not yet reached the mature stage. Aftab points out the infrastructural and technological factors that contribute to this: “Critical factors include insufficient investment in cybersecurity infrastructure and the rapid pace of technological change outpacing security measures.”
However, culture and strategy also play a part. “A lack of cyber-awareness, reactive rather than proactive approach to cybersecurity, absence of a comprehensive cybersecurity strategy, and limited collaboration between IT and business units also hinder cyber-readiness,” says Aftab.
A key component to building cyber resilience is fostering an ecosystem to share threat intelligence. “By collaborating with peers, industry groups, and government entities, companies can gain crucial insights into emerging threats, trends, and best practices,” says Aftab.
Another vital strategy is the creation of a disaster recovery plan. Aftab explains: “This plan should focus not only on data recovery but also on minimizing operational downtime. In the fast-paced business environment of the Middle East, where continuity is critical, quick restoration of operations can reduce the impact of a cyber incident. Organizations should, furthermore, regularly test and update the plan. Equally important is the development of a robust incident response plan, which should detail roles and responsibilities, communication strategies, and procedures for identifying, containing, and mitigating potential breaches.”
On the technical side, Aftab says, “Implementing continuous monitoring is essential for early detection of potential vulnerabilities or breaches. In addition, adopting a zero-trust security model will reduce the risk of unauthorized access.”
“Silverse provides bespoke cybersecurity solutions, including regulatory compliance consulting and technical implementation, that align with regional laws,” explains Aftab. “With our proactive and innovative approach, which also incorporates automation, organizations can sprint ahead of emerging threats.”
He further says: “Our skilled cybersecurity practitioners have experience in working on large complex projects across geographies, and we boast a deep understanding of local market dynamics. This enables us to offer strategies tailored to specific regions and organizational goals.”
Read the original interview in CXO Insight Middle East magazine, pp. 29–31!
Please fill the details below. A representative will contact you shortly after receiving your request.
