H e &) has released its State of the
CYBER-RESILIENCE
Help AG report maps GCC’ s cybersecurity priorities
elp AG( the cybersecurity arm of
H e &) has released its State of the
Market Report 2026, marking the sixth edition of its flagship annual analysis of cybersecurity trends across the UAE and Saudi Arabia.
Drawing on intelligence from Help AG’ s Security Operations Centres in Dubai and Riyadh, as well as insights from cybersecurity specialists, technology partners and customers across the GCC, the report highlights a decisive shift in how organisations must now understand and operationalise cyber resilience.
At the centre of the findings is a clear conclusion: cybersecurity in the GCC has entered a new operational reality defined by artificial intelligence, sovereign cloud infrastructure priorities and machine-speed attacks that are compressing traditional response windows beyond legacy security models. The report identifies sovereign cloud infrastructure as an increasingly important component of broader operational resilience strategies as organisations reassess cybersecurity, infrastructure control and continuity planning in response to evolving geopolitical and cyber risks.
Help AG’ s data shows a sustained rise in attack activity and complexity over the past six years. Between 2019 and 2025, distributed denial-of-service( DDoS) activity increased by 857 %, with more than 371,000 attacks recorded in 2025 alone. The longest observed DDoS attack persisted for more than 85 consecutive days, reflecting a shift from short-term disruption to sustained operational pressure.
Attack execution speed has also accelerated sharply. In Q1 2026, Help AG observed a 65 % increase in attack completion speed,
with several major compromises reaching operational impact in under 40 hours. According to the UAE Cybersecurity Council, cyberattack attempts targeting the UAE surged from approximately 200,000 per day to between 500,000 and 700,000 per day during heightened regional developments in Q1 2026.
Artificial intelligence has become a defining force across the cybersecurity landscape, reshaping both adversarial behaviour and defensive operations. Attackers are using AI to automate reconnaissance, scale phishing campaigns, accelerate exploitation chains and refine credential-based attacks with greater speed and precision.
Cyber sovereignty is emerging as a structural force shaping how digital infrastructure is built and operated across the GCC. Once viewed primarily through the lens of compliance and data residency, sovereignty is now influencing cloud architecture, security operations design, AI governance models and infrastructure ownership decisions.
The report also highlights post-quantum security as an emerging long-term infrastructure priority and identifies five shifts shaping cybersecurity strategy across the GCC: integrated resilience architectures, continuously adaptive AI-driven operations, measurable operational resilience, automation and institutional learning, and coordinated GCC-wide resilience alignment.
Dr Aleksandar Valjarevic, Acting Chief Executive Officer, Help AG
Dr Aleksandar Valjarevic, Acting Chief Executive Officer, Help AG, said:“ Across the GCC, AI and sovereignty are already reshaping how digital infrastructure is designed, secured and governed. The findings of this year’ s report show that cybersecurity must now operate continuously, at machine speed, and in direct alignment with national resilience priorities. For organisations, the focus is shifting from adding more tools to building adaptive, measurable and locally aligned security capabilities that can withstand sustained pressure.”
32 WWW. INTELLIGENTCISO. COM / MIDDLE-EAST