Business

Gulf states harden digital infrastructure as cyber and drone threats rise

Cyberattacks, AI-enabled hacking and strikes on cloud facilities are pushing Gulf governments to rethink digital resilience.

Hana Yoshida

By Hana Yoshida · Markets Reporter

4 min read

Gulf states harden digital infrastructure as cyber and drone threats rise
Photo: Fortune

Gulf governments and companies are increasing their focus on digital resilience as cyberattacks climb and physical attacks hit cloud infrastructure. The shift matters because banking, energy, logistics and government services across the region now depend on connected systems that can spread disruption quickly.

Fortune reported that the pressure has intensified since the U.S.-Iran war began on Feb. 28. In the UAE, daily cyberattack attempts rose from about 200,000 to as many as 700,000 as regional tensions grew, according to a Help AG report cited by Fortune.

The UAE’s financial sector was hit last week by a wave of advanced cyberattacks, The National reported. The attacks were stopped, but the UAE Cyber Security Council said cybercriminals are using artificial intelligence to sharpen their methods, according to Fortune.

Help AG, the cybersecurity arm of UAE telecom operator e&, said AI is helping attackers speed up reconnaissance and change tactics during attacks. In the first quarter of 2026, Help AG said AI helped some attackers complete operations 65% faster than before, with certain incidents causing damage less than 40 hours after initial access.

Higher exposure comes as Gulf economies digitize core services. IBM estimated that the average data breach in the Middle East cost $7.29 million in 2025, compared with a global average of $4.44 million. Gartner projected information security spending across the Middle East and North Africa at $4.07 billion in 2026, up 10.1% from 2025.

Fortune reported that financial services, energy, logistics and government agencies in the Gulf Cooperation Council are relying more on automated and interconnected systems. That has pushed some organizations away from reactive security and toward continuous defenses tied to national resilience planning.

Abdulla Ebrahim Al Ahmed, chief government relations officer at e& UAE, said organizations need security that can adapt continuously, fit local requirements and protect critical infrastructure and citizen data in an AI-driven environment, according to Fortune.

Fortune reported that the UAE and Saudi Arabia are building cybersecurity requirements into infrastructure plans, with sovereign cloud systems gaining prominence. Sovereign cloud refers to computing infrastructure designed to keep data, metadata and systems within a specific legal jurisdiction.

Aleksandar Valjarevic, acting CEO of Help AG, said AI and sovereignty are changing how digital infrastructure is built, protected and governed across the GCC. He said organizations are shifting from adding tools to building adaptive, measurable and locally aligned capabilities, according to Fortune.

Spending is expected to rise further. P&S Intelligence projected GCC cybersecurity spending will exceed $9.6 billion by 2032, up from $5.9 billion in 2025.

The threat is not confined to malware. Reuters reported that two Amazon Web Services data centers in the UAE were directly hit by drones in early March, while an AWS site in Bahrain was damaged by a nearby strike. Fortune reported that the outages affected banking, payments, delivery apps and enterprise software across the region.

AWS moved workloads to other regions and said recovery would take time because of physical damage, according to Data Centre Magazine. Reuters reported that the strikes marked the first time military attacks directly targeted and disrupted data center operations belonging to a major U.S. technology company.

Fortune reported that AWS services in Bahrain were later targeted in additional drone strikes and damaged. Major U.S. technology companies including Microsoft, Google and Oracle operate cloud infrastructure in the Gulf, and CBS News reported that Iran has repeatedly threatened such facilities.

Sam Winter-Levy of the Carnegie Endowment for International Peace warned that attacks on data centers are likely to become more common as AI grows in strategic importance, according to Rest of World.

Fortune reported that GCC governments may respond by spreading data center development across more sites and adding network redundancy. Higher security spending and insurance premiums could also raise the cost of building and running facilities in the region.

Elizabeth Heyes of the Observer Research Foundation Middle East said in a report that the region needs insurance frameworks that account for instability. She said disruptions can move through supply chains, financial systems and physical infrastructure, raising questions about who pays when systems fail.

Fortune reported that cyber insurance is growing in the UAE and Saudi Arabia but remains less common than in mature markets such as the U.S. and U.K. Many policies also exclude or limit coverage for war, state-backed cyberattacks and broad infrastructure failures, issues that have become more pressing as regional tensions rise.

This story draws on original reporting from Fortune.