- 73% of businesses that suffered a cyber attack say a supplier was involved
- 68% of affected businesses experienced revenue loss
One in five Emirati businesses (21%) experienced cyber incidents in the past 12 months which they believe leveraged Artificial Intelligence, with phishing messages and deepfake images among the most frequent methods, according to global research* from business insurer QBE showing cautious enthusiasm for AI.
The findings are based on a global QBE study of more than 6,000 businesses across 15 countries, including 406 organisations in the UAE with between 100 and 2,000 employees.
Almost all Emirati businesses are already using Artificial Intelligence (82%) or looking into it (17%). Indeed, 97% of respondents expect AI to have a positive impact on their business in the next two years (53% very good and 44% somewhat good).
Sarah Hamlat, Senior Cyber Underwriter, QBE Middle East, said: “It’s encouraging to see UAE businesses adopting AI for productivity and innovation while putting governance around how it’s used. But AI risk doesn’t stop at the internal perimeter. Organisations need the same level of discipline and oversight across their third-party ecosystem, because weaknesses in the supply chain can quickly become risks to the business itself.”
Among the UAE businesses already deploying AI, the top reasons for doing so include to enhance productivity, efficiency, customer experience and innovation.
|
UAE businesses who are using AI do so to: |
|
|
Increase productivity |
49% |
|
Increase operational efficiency |
45% |
|
Improve customer experience and retention |
43% |
|
Drive innovation |
41% |
|
Improve decision-making |
38% |
|
Increase agility |
38% |
|
Improve compliance and reduce risk |
36% |
|
Grow revenue |
32% |
|
Build competitive advantage |
30% |
|
Enable personalisation at scale |
27% |
At the same time, organistions are taking steps to oversee AI deployment, including training staff, checking data quality, assessing impacts, and monitoring output for bias. However, businesses worry their suppliers might not be taking similar measures. Two in three respondents (67%) are concerned about potential risks arising from how their suppliers use AI. This might be linked to the role that third-party vulnerabilities played in the cyber incidents they have already faced.
Exposed through the supply chain
Over the past 12 months, 63% of UAE businesses have experienced one or more cyber events. Among them, 73% suffered at least one cyber attack that was related to a supplier and 68% experienced revenue loss.
The disruption has been significant, with 31% of businesses experiencing a cyber incident that resulted in at least one full day of business interruption. Looking ahead, 70% of respondents are concerned about the cyber threats they may face in the next 12 months, prompting increased investment: three in four expect to raise their IT cybersecurity budgets, including 43% planning increases beyond inflation.
Despite rising threat levels, cyber preparedness remains uneven. While 65% of businesses with 100-2,000 employees have cyber insurance in place, nearly one third (32%) remain uninsured, and 27% do not have an incident response plan, leaving them exposed when a cyber event occurs.
Sarah Hamlat added: “The UAE is a pioneer in the adoption of Artificial Intelligence, and it is encouraging to see businesses following this journey with a strong focus on security. As new technologies such as AI become embedded in operations, effective risk management remains fundamental to ensuring sustainable and resilient growth.”
* Methodology: Opinium surveyed 406 decision makers of IT, administration or insurance in businesses with 100-2000 employees in the United Arab Emirates from 2 to 15 April 2026. Data tables available upon request.
QBE’s checklist
To tackle cyber threats, businesses should:
• identify critical assets, threats, and vulnerabilities to gain a clear overview of exposure
• Define acceptable risk so leadership can set boundaries
• Prioritise mitigation strategies (direct resources towards areas of greatest impact)
• Test contingency plans and recovery protocols
• Stress test crisis management
• Incorporate third-party expertise to help manage residual and emerging risks
• Continuously adapt cyber defences to evolving threats, technology and business needs.
To mitigate third-party vulnerabilities, businesses should also:
• Implement strong identity and access management (IAM) protocols
• Run regular configuration audits
• Encrypt sensitive data across all cloud environments
• Evaluate the security posture of their third-party providers
• Establish clear protocols for managing supply chain exposure.