Cyberattacks in the age of AI: How to protect yourself in the UAE

Dubai: Artificial intelligence is no longer a future risk in cybersecurity. From deepfake voice scams and hyper-personalised phishing emails to automated malware that adapts in real time, AI is reshaping how cybercriminals operate.

And as countries like the UAE accelerate digital transformation, the exposure to cyberattacks, according to UAE-based cybersecurity experts, is rapidly growing.

“AI is becoming central to how attacks are launched and scaled,” said Eliad Kimhy, Senior Security Researcher at Acronis. “We are moving towards autonomous threats that can exfiltrate data many times faster than human attackers.”

One of the most immediate impacts of AI is in social engineering – tricking people into clicking, paying or sharing information.

AI can now analyse social media profiles, company websites and public records to craft highly convincing messages that appear to come from a trusted colleague, boss or government entity. Voice cloning and deepfake video are also being used to impersonate senior executives.

“Threat actors are using AI to personalise phishing at scale and create realistic audio and video impersonations,” said Morey Haber, Chief Security Advisor at BeyondTrust. “This significantly raises the risk of fraud and data breaches.”

For businesses, this means traditional awareness training is no longer enough. The scams are becoming harder to spot, even for experienced staff.

So how bad can it get?

Experts point to several high-impact scenarios:

AI is also accelerating the technical side of cybercrime. Automated tools can scan networks, identify weak points and launch attacks without human intervention.

“AI-driven attacks are expected to grow significantly in 2026,” Kimhy said. “We’re seeing faster reconnaissance, quicker exploitation and more efficient data theft.”

This means organisations may have less time to detect and respond before damage is done – increasing the risk of major data breaches, service outages and financial losses.

The UAE’s rapid digital growth makes it an attractive target. Government services, banking, energy, healthcare and smart infrastructure are increasingly connected and data-driven.

Recent government reporting has cited roughly 150,000 to 200,000 cyber incidents per day, depending on what is counted – from blocked scans and bot traffic to intrusion attempts. Some estimates go much higher when all automated activity is included.

“High-value digital environments attract sustained attention,” Haber said. “Government, finance and energy are repeatedly among the most targeted sectors.”

Healthcare has also seen a rise in ransomware and extortion attempts, driven by the high impact of downtime and the sensitivity of patient data.

Despite rising risks, many organisations are still struggling to keep up.

Cybersecurity budgets in the region are growing, but experts say spending alone is not enough. A global shortage of skilled professionals is leaving many companies under-resourced.

“Demand for cybersecurity talent continues to outpace supply,” Mohammed Hoteit, Eastern Gulf Sales Manager at Axis Communications. “The gap between tools and operational capability is a real issue.”

More than 60 per cent of medium-to-large UAE companies now use managed security service providers for at least one core function, according to industry estimates. While this helps in the short term, it can create long-term dependency without building internal expertise.

For businesses, the message is stark: AI is changing the threat landscape faster than many security strategies are adapting. Cyber risk is no longer an IT problem – it is a business, reputational and operational risk.

For consumers, it means being more cautious about emails, messages and calls, even when they appear legitimate. Deepfake scams and impersonation attacks are becoming harder to detect.

As the UAE continues to build smart cities, digital government services and connected infrastructure, experts say resilience, governance and secure-by-design systems will be critical.

“Cybersecurity is now part of doing business in a connected world,” Hoteit said. “And in the age of AI, the stakes are higher than ever.”