Help AG’s CBO shares insights into the state of UAE’s cybersecurity sector in 2024

What are your estimates of the value of the UAE cybersecurity sector in the past year? And what is the expected growth rate in the coming period?

While specific growth figures for the UAE are best determined by analysts, according to the IDC’s Cybersecurity Spending Guide, the cybersecurity market for the META (Middle East, Turkey, and Africa) region is growing at a CAGR of 9.2 per cent from 2022 to 2027.

Cybersecurity spending is projected to surpass $6.5bn in 2024 for the META region, reflecting higher-than-expected growth. For the GCC plus Egypt, the estimated market value in 2024 is expected to reach $4.09bn.

This growth underscores the increasing investment in cybersecurity across the region, driven by the rising threat landscape and the need for robust digital security measures.

The UAE, as a key player in the region, is expected to follow this upward trajectory as organizations across sectors continue to prioritize cybersecurity.

What were the dominant trends you observed in the UAE cybersecurity sector in 2024?

Help AG’s State of the Market Report 2024 outlines cybersecurity investment patterns and trends in the GCC, specifically in the UAE and Saudi Arabia.

Most notably, Help AG recorded a continued and accelerated trend in cyber defence investments amid the continuing digital transformation surge. Additionally, there has been a marked acceleration in the consolidation of cybersecurity spending, increasing by over 100 per cent in 2023.

This trend is strongly linked to the growth of the services business, as customers are increasingly inclined to consume cybersecurity as a service, demanding clear deliverables, service level agreements (SLAs), key performance indicators (KPIs), and transparent costs.

Investment in managed cyber defence also skyrocketed, prompted by the increasing complexity of the digital threat landscape. Associated services, such as network detection and response, endpoint detection and response, threat intelligence, digital risk protection, and incident response services, all witnessed increased investment.

This trend suggests that organisations are prioritising comprehensive threat management and protection measures, highlighting an increased awareness and proactive approach to cybersecurity threats.

Additionally, there is growing interest in Secure Access Service Edge (SASE), as organisations look to integrate networking and security functions into a unified cloud-based architecture. SASE is particularly attractive due to its ability to enhance network security, streamline operations, and support the shift to hybrid and remote work environments. As businesses embrace this model, we expect to see continued growth in SASE adoption as part of an overall strategy to reduce complexity and improve security postures across distributed environments.

What are the industries or sectors with the highest demand for cybersecurity products and services in the UAE?

Cyberattacks are becoming increasingly widespread, in that they affect all sectors due to the increasing prevalence of interconnected digital infrastructures. We saw this in real-time last July when a faulty software update caused global disruptions and widespread system crashes, impacting a variety of industries ranging from airlines to healthcare to financial services.

In the UAE, virtually every sector is undergoing digital transformation, necessitating a proactive approach toward building cyber resilience. Key sectors in UAE where we are witnessing high demand for cybersecurity services include banking and finance, government, energy and utilities, education, aviation, healthcare, and retail.

As transactions and operations in these industries become more digitised, the need for advanced cybersecurity solutions grows. It is worth noting that sectors in the UAE are investing in the right areas of cybersecurity and fare well compared to global peers, demonstrating a proactive and mature approach to safeguarding their digital infrastructures.

What have been the most important and impactful initiatives in UAE in the cybersecurity field?

The most impactful cybersecurity initiatives are undoubtedly being driven by the UAE government, with organisations such as the Cyber Security Council and Dubai Electronic Security Centre leading the way to further bolster the UAE’s global leadership in this field.

One powerful move was the launch of the Dubai AI Security Policy by DESC last September, which showed that the UAE is taking the helm when it comes to securing the emerging technologies which are rapidly reshaping our world.

On the national level, the UAE Cybersecurity Council have announced that they are currently developing many new policies related to cybersecurity, which are due to be issued by the end of the year. These policies will be impactful across several key areas including cloud computing and data security, Internet of Things security, and cybersecurity operations centres.

We are even seeing government bodies across different industries establishing detailed and sector-specific guidelines to promote cyber resilience. As one example, the General Civil Aviation Authority earlier this month launched a cybersecurity framework, to help ensure the resilience of this vital sector in the UAE which is quickly becoming highly interconnected.

It’s also essential to recognise the contributions of other key entities such as Dubai Digital Authority, DGE Abu Dhabi, Ajman e-Government, Sharjah e-Government, and the Telecommunications and Digital Government Regulatory Authority (TDRA), all of which are spearheading cybersecurity efforts within their respective domains. These initiatives collectively contribute to the UAE’s robust and forward-thinking approach to cybersecurity.

What is your vision for the future of cybersecurity in the coming years?

We believe the future of cybersecurity will centre on three key pillars: securing AI, preparing for post-quantum cryptography, and integrating intelligent automation with human expertise. This is at the heart of Help AG’s Cybersphere Nexus, our initiative designed to address not just the challenges of today and tomorrow, but also the future ahead.

As AI becomes more integrated into enterprises, securing its use will be critical, requiring advanced AI-powered security solutions along with strong governance to ensure oversight and control. While AI’s potential is widely recognised, its real impact will emerge as organisations refine their understanding and implementation over time.

Quantum computing also presents a significant disruption to traditional encryption methods. To build resilience, service providers must offer post-quantum cryptography solutions capable of withstanding future quantum threats.

Help AG has always been a pioneer in the shift toward a service-centric, experience-driven economy. We believe the future belongs to a hybrid model—combining the agility of AI and automation with the expertise of human minds. This intelligent approach will be crucial in delivering robust, end-to-end cybersecurity services such as managed detection and response (MDR) with refined SLAs ensuring seamless service delivery.

Additionally, resilience will be key in navigating the evolving threat landscape. Organisations will need to consolidate technologies into unified, efficient platforms to avoid fragmentation and reduce complexity. This consolidation, along with a strong focus on resilience, will ensure businesses can adapt and respond to threats quickly and effectively.

In essence, the future of cybersecurity will be built on the combination of AI, human expertise, resilience, and technological consolidation—creating a security framework capable of adapting to tomorrow’s challenges.

What are the major products, services and innovations launched by Help AG?

One of our most significant recent developments is the introduction of Continuous Threat Exposure Management (CTEM), which is not just a single service but a comprehensive framework for managing and mitigating cybersecurity threats. CTEM represents a shift in how we approach security by offering a holistic suite of solutions that help organisations continuously assess, understand, and reduce their risk exposure. This framework includes vulnerability management, digital risk protection, workforce readiness, digital risk rating, and security control validation.

Each of these elements plays a crucial role. For example, digital risk rating gives organisations an external perspective on their security posture, which is particularly valuable when managing supply chain risks or third-party relationships. Security control validation ensures that all security measures are fully optimised and functioning as intended, reducing vulnerabilities across the board.

We’ve also enhanced our distributed denial-of-service (DDoS) threat exposure management service. This now includes a comprehensive approach to visibility, intelligence, and mitigation across cloud, on-premise, and hybrid environments. Given the increasing complexity and frequency of DDoS attacks, this full-lifecycle service is critical for organisations aiming to protect themselves against such evolving threats. We are committed to working with governments and enterprises across the region to ensure they are prepared.

Another important area we continue to focus on is the consolidation of technologies. The enterprise license agreement model has proven to be highly effective, allowing us to streamline and optimise technology stacks for many key accounts. This consolidation effort helps organisations simplify their cybersecurity infrastructure, reducing complexity and costs while increasing overall efficiency.

Through our Cybersphere Nexus initiative, we are also heavily invested in future-proofing cybersecurity by focusing on securing artificial intelligence and preparing for post-quantum cybersecurity.

As one of the region’s leading managed security service providers (MSSP), we are continually innovating. We’ve leveraged intelligent automation across our services, including the development of Project Unicorn, which centralises threat intelligence content. This ensures that updated threat content is automatically pushed to customers, enhancing their defence mechanisms in real-time.

Read: Nicolai Solling shares the impact of cyber threats in the GCC