rewrite this content and keep HTML tags as is:
- 2025 cyberattacks may cost $57bn
- AI having major impact
- Hackers have more ways in
The Middle East’s rapid digitalisation and widespread adoption of AI are expanding the number of potential entry points for cybercriminals.
This has prompted a sharp rise in demand for cybersecurity services in Saudi Arabia and across the region, sector experts said.
Globally, cybercrime is growing in scale and sophistication. Ransomware remains one of the fastest-expanding threats, with attackers infiltrating systems, locking critical data or infrastructure and demanding payment for its release.
Such attacks could cost organisations as much as $57 billion in 2025 alone, according to cybersecurity company Mimecast.
In the Middle East, 15 percent of organisations already report suffering data breaches costing more than $100,000, according to a survey of 121 business and technology leaders by consultancy PwC.
“That’s part of why we think there’s such a great opportunity in Saudi [and the wider GCC]”, said Pete Harteveld, CEO of AI and cybersecurity company Exabeam.
The Colorado-based company sells security services to major clients across the GCC, including the Saudi defence ministry and Riyad Bank. The Middle East and North Africa account for a quarter of its overall business and that share is growing. Mena revenue is on track to grow by 20 percent this year; Harteveld expects a further 20 percent jump next year.
Much of this is down to AI. New technology has made it easier for hackers to find a way into a system, allowing them to make many more attempts over a shorter period. But the rise of AI has also created new vulnerabilities as companies have rushed to incorporate AI agents into their workforce, each of which is liable to corruption from hackers.
“I need to pay attention to each of those agents just like a human,” Harteveld said.
In August, a hacker took control of an AI chatbot belonging to the US-based sales platform Salesloft. The attacker exported large amounts of corporate data, honing in on access keys and passwords, for at least 10 days before being spotted.
“That occurred because there was an agent that was compromised, that started to do nefarious things,” Harteveld said, “but nobody saw it.”
Vulnerabilities increase
In a World Economic Forum survey of industry leaders published in January, 66 percent of respondents named AI as the single biggest factor likely to impact cybersecurity this year. Of those surveyed, 71 percent said small organisations are now no longer able to secure themselves against threats. Large organisations too have seen their vulnerabilities increase.
“In Saudi, the big concern is ransomware because you have a lot of oil and gas business,” said Chenxi Wang, cybersecurity expert and founder of Silicon Valley venture capital investor Rain Capital. “That market segment is traditionally vulnerable to ransomware threats. Saudi Aramco, for instance, has been attacked in the past.”
In 2012, the oil giant fell victim to the notorious “Shamoon” attack, in which 30,000 workstations were affected.
In 2021, hackers tried to ransom 1 terabyte of Aramco data in return for $50 million. Aramco has said it intends to make data a larger part of its growth strategy, using data analytics and real-time monitoring to increase efficiencies. The more heavily companies lean on digitalised services, however, the more opportunities hackers have to gain access.
“It used to be the case that we have a guy who gets in the truck and then drives the length of the gas pipeline to check for leaks,” said Wang, explaining how the oil industry in general has changed.
“Nowadays you have sensors, every 10 or 20 metres. You have pressure sensors, you have poisonous gas sensors, you have lots of different sensors,” said Wang. “And those things all open up new attack surfaces because they can be manipulated.”
With the productivity gains that such technologies provide, companies are forced to find a balance between security and efficiency.
Further reading:
Further reading:
“Over the past 10 years there [has] been a move and a shift to make sure that assets are protected, systems are segregated to the extent possible,” said Raddad Ayoub, a critical infrastructure expert and partner at PwC.
“Organisations are realising that: ‘Yes, I want to protect my assets, but not necessarily by having a moat’. You want to make sure that you leverage those emerging technologies and solutions in a way that addresses those risks but makes sure that you have that connectivity.”
Companies looking to stay competitive, Ayoub said, will be unable to grow without developing the types of technology most vulnerable to attacks.
“You need data,” he said. “You need visibility.”