The conversation has changed. Has your cyber strategy kept up?

Across the UAE and the wider Gulf, the conversations with CIOs and CISOs have changed. Where once the focus centred on how to keep attackers out, the question being asked most often today is far more direct: “when we are hit, how quickly can we recover?”

That shift in framing reflects the reality organisations are now operating in. As of early 2026, UAE authorities were intercepting between 90,000 and 200,000 cyberattacks every single day, with more than 70% linked to state-sponsored threat actors. In the first half of 2025 alone, identity-based attacks across the region surged by 32%. And over half of all cyber incidents with known motives were driven by extortion or ransomware.

What differentiates organisations now is not how long they can avoid cyber incidents, but how effectively they respond when they hit.

Get updated faster and for FREE: Download the Gulf News app now - simply click here.

The challenge is that many organisations are still investing more heavily in prevention than in recovery. Security capabilities have advanced significantly, but recovery readiness has not kept pace. When an incident happens, the gaps become clear very quickly. How long will it take to restore critical systems? In what order should they come back online? And perhaps most importantly, can the data being restored actually be trusted? These are the questions that define resilience in practice.

Organisations across the region are now beginning to approach this differently. Increasingly, they are moving towards what we describe as Resilience Operations (ResOps), a state of total resilience in an AI-driven world. This is not a rebrand of disaster recovery. It is a shift towards treating resilience as an end-to-end operational capability that spans identifying critical systems, protecting data, detecting anomalies, responding to incidents, and recovering in a controlled and trusted way.

The starting point is understanding what we often describe as your minimum viable company. This is about identifying the systems, data, and processes that the business cannot function without during a crisis or cyber incident, and having a clear, tested path to restoring them. Without that clarity, recovery becomes slower, more complex, and more disruptive than it needs to be.

Time is the second part of the equation. In many cases, full recovery from a cyber incident still takes weeks. That gap between disruption and restoration is where the real business impact is felt. Leading organisations are now treating recovery time as something that can be measured and improved, not accepted as a fixed outcome.

Achieving this requires a shift in how recovery is approached. It is no longer enough to restore systems and assume they are safe. One of the most common risks organisations face is bringing compromised data back into production. Recovery must be based on data that is verified and trusted. That demands the ability to isolate environments, validate recovery points, and test restoration processes before systems are brought back online.

In practice, this is where total resilience becomes real. It brings together protection, detection, and recovery into a continuous operating model. Organisations that perform well in real incidents tend to have a few things in common. They have isolated copies of critical data that cannot be altered or deleted. They can recover workloads into controlled environments to validate integrity before restoring operations. And they test these processes regularly, under conditions that reflect how attacks actually unfold.

The regulatory environment is reinforcing this shift. The UAE’s National Cyber Security Strategy is placing greater emphasis on demonstrable capability. It is no longer sufficient to have policies in place. Organisations are expected to show that they can detect, respond, and recover in practice. That expectation is already influencing how resilience is being prioritised across sectors.

Ultimately, resilience is not something that can be implemented through a single technology or initiative. It is the result of deliberate design, clear priorities, and consistent testing. It requires organisations to move beyond theoretical recovery plans and focus on what will actually work under pressure.

For leadership teams, the starting point is straightforward. Do we know what parts of the business must be operational within hours, not days? Can we recover those systems quickly and in the right sequence? And can we be certain that the data we restore is clean?

If the answers to those questions are unclear, that is where the focus needs to be. Because in an environment where disruption is inevitable, resilience is defined by how quickly and confidently an organisation can return to operation.