Hyther Nizam, CEO of Zoho, Middle East and Africa (MEA)
Zoho Corp., a leading global technology company, launched a report today revealing that while businesses in the UAE face frequent cyberattacks, 96 per cent of the respondents cited having the necessary tools to respond to cyber threats, leveraging capabilities such as real-time threat detection and endpoint security measures. UAE also has high Zero Trust adoption as well as commitment to strengthen cybersecurity measures, as per the report. However, there remains a need for stronger identity security as the nation advances its digital ecosystem and artificial intelligence adoption.
According to Zoho’s State of Workplace Password Security 2026 global report – businesses across the wider Middle East and Africa (MEA) region have reported the highest rate of cyberattacks globally, in which 36 per cent of organisations have been exposed to an attack in the past year. In the UAE, over 45 per cent of organisations have reported cyberattacks within the same period. While most organisations in the country have the tools to respond to cyber threats, the report finds that in MEA, 79 per cent of organisations lack complete identity visibility, where in UAE only 40 per cent have reported lack of complete visibility and control over identities.
“UAE is one of the leading countries in digitalisation and AI adoption in the region, which makes it a target for cyberattacks. Most enterprises are showing security readiness with strong proactive security postures and reactive security tools to tackle attacks once they happen,” said Hyther Nizam, Chief Executive Officer (CEO) at Zoho Middle East and Africa (MEA). “Many organisations have invested in detection and response capabilities, yet identity security—governing who has access to what, and under what conditions—remains a critical gap. Fixing this is essential because this gap creates entry points for attackers due to compromised credentials or excessive privileges.”
The report reveals strong but uneven adoption of core cybersecurity measures among businesses in the UAE. It shows a strong Zero Trust maturity amongst organisations with 80 per cent of enterprises having a zero trust strategy in place. A majority, around 60 per cent of businesses, report being somewhat close to achieving zero standing privileges, while only approx 22 per cent have fully reached this goal, and 18 per cent say they are still not close. However, businesses (42 per cent) cite unmanageable identity growth and a lack of adequate tools and processes (42 per cent) as primary obstacles to strengthening their identity security posture.
While many companies have implemented various fundamental protections, there are a few gaps: 38 per cent report not using email security, over 43 per cent lack identity and access management (IAM), and more than 45 per cent have yet to adopt multi-factor authentication (MFA) and password management solutions. Adoption gaps widen further across more advanced controls, with close to 53 per cent lacking secure browsers, 58 per cent without device management, more than 65 per cent not using passkeys, and over 67 per cent without log management capabilities.
On the other hand, the report highlights that UAE enterprises are demonstrating a strong commitment to enhancing cybersecurity resilience. A majority of respondents (76.4 per cent) plan to increase their security budgets over the next five years.
Artificial intelligence is playing an increasingly central role in this transformation. Approximately 64 per cent of organisations strongly believe AI enhances security, while 53 per cent have already adopted AI-powered cybersecurity tools. Among the most sought-after AI capabilities are real-time threat detection (70.6 per cent) and user behaviour analytics (52.9 per cent).
The study reveals that the most common identity-based threats facing organisations today, including phishing (25.5 per cent), malicious insiders (20 per cent), and social engineering attacks (16.4 per cent). The findings were based on a workforce composition of physical workplaces, with 47 per cent operating fully in-office and 41.8 per cent in hybrid models, compared to 10.9 per cent fully remote.
The report’s findings were derived from a diverse cross-section of industries, led by technology (30.9 per cent) and financial services (21.8 per cent), followed by healthcare and other sectors (both 16.4 per cent), as well as government (9.1 per cent) and education (5.5 per cent). The survey’s sample is largely made up of mid-sized organisations, with the majority employing between 50 and 999 employees, providing a balanced view across growing and established enterprises.
Access and identity control can be managed via password management tools like Zoho Vault and IAM tools like Zoho Directory. Zoho Vault is Zoho’s workforce password management solution that helps organisations securely store, manage, and share sensitive credentials from a centralised vault. It enables businesses to enforce strong access controls, monitor usage, and maintain password hygiene through role-based access, workflows, and audit reports. With seamless integrations, AES-256 encryption, multi-factor authentication, and a zero-knowledge architecture, Zoho Vault ensures secure and efficient credential management for modern businesses.
As a FIDO Alliance member, Zoho offers an integrated credential security stack spanning Zoho Vault (enterprise password and passkey management with SSO), Ulaa (a privacy-first enterprise browser with built-in DLP and AI-powered phishing protection), Zoho Directory (workforce IAM with SSO, conditional access, and automated provisioning), and Zoho OneAuth (passwordless MFA with passkey, biometric, and TOTP support)
Leave a reply
