
Since the U.S.-Iran war outbreak in late February, the Gulf region has faced a sharp escalation in both cyberattacks and physical strikes on cloud infrastructure, forcing governments and businesses to overhaul their digital defenses. Daily cyberattacks in the UAE surged from 200,000 to 700,000, while drone strikes in March directly hit major AWS data centers, knocking them offline and disrupting financial systems across the region. The attacks have exposed critical gaps in insurance coverage for geopolitical risks and underscored the need for sovereign, redundant infrastructure—driving a shift toward adaptive security systems and locally governed clouds.
Summaries like this, in your inbox every morning.
Sign up free →What happened
Since the U.S.-Iran war outbreak on February 28, the UAE has seen daily cyberattack attempts surge from roughly 200,000 to as many as 700,000. In early March, drone strikes directly hit two AWS data centers in the UAE and one in Bahrain, forcing all three offline and triggering outages across banking, payments, and enterprise software. A Help AG report found that AI has enabled attackers to complete attacks 65% faster than before in the first quarter of 2026, with some causing damage less than 40 hours after gaining access.
Why it matters
The average cost of a data breach in the Middle East stood at $7.29 million(約12億円) in 2025—significantly above the global average of $4.44 million(約7.1億円). For Gulf states pursuing AI hub ambitions, the attacks have exposed geopolitical vulnerability of digital infrastructure and the limits of existing insurance frameworks, which often exclude or limit coverage for acts of war and state-sponsored cyberattacks. Rising security spending and insurance premiums will likely increase costs of building and operating data centers across the region.
What to watch
Information security spending across MENA is expected to reach $4.07 billion(約6500億円) in 2026, up 10.1% from 2025. Cybersecurity spending across the GCC is projected to surpass $9.6 billion(約1.5兆円) by 2032, up from $5.9 billion(約9400億円) in 2025. The UAE and Saudi Arabia are increasingly building cybersecurity into infrastructure planning, with sovereign cloud and locally governed systems becoming core design priorities.
The escalation began with the U.S.-Iran war outbreak on February 28, which triggered both a surge in cyberattacks and direct military strikes on digital infrastructure. In the UAE alone, daily cyberattack attempts nearly quadrupled from roughly 200,000 to as many as 700,000 as geopolitical tensions flared. More significantly, the March drone strikes on AWS facilities marked the first time military attacks had directly targeted and disrupted data center operations of a major U.S. tech company—a threshold that security experts warn may not hold. Help AG's report documents how AI has become a force multiplier for attackers, compressing attack lifecycles to unprecedented speed; the Middle East reflects the same pattern but under higher exposure intensity.
The economic burden is substantial and accelerating. The average cost of a data breach in the Middle East—$7.29 million(約12億円) in 2025—already exceeds the global average by a large margin. Yet the region's insurance frameworks have not kept pace with systemic risk. Many cyber policies exclude or limit coverage for acts of war and state-sponsored cyberattacks, exclusions that have become more prominent as geopolitical tensions increased. Penetration of cyber insurance remains low in the UAE and Saudi Arabia compared with mature markets, leaving smaller businesses particularly vulnerable.
In response, the UAE and Saudi Arabia are embedding cybersecurity into infrastructure planning itself, prioritizing sovereign clouds and locally governed systems over reliance on hyperscale international facilities. Spending reflects this urgency: information security spending across MENA is expected to reach $4.07 billion(約6500億円) in 2026, up 10.1% from 2025, while GCC cybersecurity spending is projected to reach $9.6 billion(約1.5兆円) by 2032 from $5.9 billion(約9400億円) in 2025. The shift toward distributed, adaptive, and locally controlled digital infrastructure appears to be both a defensive necessity and a reshaping of how the region approaches data sovereignty and national resilience.
No discussion yet for this article
Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.
Get Started FreeFree · takes 30 seconds · unsubscribe anytime
1 minute a day. The AI essentials.
200+ sources · Email / LINE / Slack