UAE Cybersecurity Recap 2025: A Year of Policy Shifts, Supply Chain Failures, and AI-Driven Threats

In 2025, the cybersecurity landscape in the UAE shifted in a way that forced every organization to confront how exposed its digital foundations had become. Threats accelerated, infrastructure grew more interconnected, and newly issued national policies placed clear expectations on how security must be governed. The year demanded hard decisions from CISOs and technology leaders, not because of a single defining event, but because every part of the digital ecosystem changed at once.

Advanced attacks began moving faster than traditional controls. Cloud expansion introduced new obligations around data handling and cryptographic strength. AI systems created new opportunities and new weaknesses in equal measure. The result was a climate where security could no longer be treated as a supporting capability. It had to be measurable, resilient, and built to adapt.

We recap the major policies and incidents that shaped 2025, providing leaders with the context needed to plan the next phase of their security roadmap.

1. New Policy Mandates Shaping the Digital Future

The UAE introduced several national policies that require immediate investment and structural upgrades from any organization handling sensitive data. The national direction is focused on quantum readiness and full-lifecycle cloud security.

National Cybersecurity Strategy 2025–2031

The strategy released this year set a unified governance model across federal and emirate entities. It strengthens national supply chain security, including the required use of Software Bills of Materials. It also positions the UAE to lead in securing AI and quantum technologies. The intent is clear. Alignment with this framework is required for anyone operating within the country’s digital ecosystem.

National Encryption Policy and Quantum Migration

One of the most demanding mandates came with the approval of the National Encryption Policy in November 2025. It introduces a complete redesign of how sensitive data must be protected. Government entities are now required to:

  • Prepare transition plans that detail the move from current encryption to Post-Quantum Cryptography.
  • Build crypto agility across services so encryption can evolve without interrupting operations.

Support from the National Post-Quantum Migration Programme and technical coordination with national partners such as QuantumGate accelerated the rollout. The UAE has moved from research to implementation and set a national timeline for PQC adoption that outpaces many advanced economies.

National Cloud Security Policy and Data Requirements

Cloud adoption grew sharply this year, turning the existing National Cloud Security Policy into a central pillar of operational compliance. This framework places strict controls on data location and sovereignty. Organizations must demonstrate strong contractual controls with their cloud providers, enforce clear access governance, and protect sensitive workloads with defined security layers. Furthermore, updates to data protection regulations increased penalties for violations and required explicit user consent for processing personal information. Certain categories of data now must be stored in approved UAE data centers.

2. Major Breaches and Supply Chain Shocks

2025 will be defined by the financial damage caused by failures across global suppliers and technology ecosystems. These incidents proved that third parties now represent the most dangerous entry point into critical environments.

The $1.5 Billion Bybit Crypto Heist

The biggest financial loss of the year was the $1.5 billion ETH theft at the Dubai-based exchange Bybit in February. The FBI later confirmed that the Lazarus Group was responsible. The attack showed how a single weak link in a technical workflow can bypass even the strongest wallet architecture.

Attackers compromised the workstation of a third-party developer involved in the multisig signing process. They inserted malicious code into the transaction interface and gained approval for unauthorized transfers. This bypassed MFA and neutralized the protections offered by cold storage and multisig setups. The lesson was clear. Operational workflows that support secure systems can be manipulated without ever breaching the primary platform.

The Jaguar Land Rover Shutdown

One of the most destructive industrial attacks struck Jaguar Land Rover in September. Ransomware halted production across multiple UK plants and caused widespread supply chain disruption. More than 5,000 businesses were affected.

Losses were estimated at around £1.9 billion. The event showed how exposed OT and ICS environments have become. The financial hit came from stalled operations, supplier disruption, and recovery work that far exceeded any ransom request.

Critical Infrastructure and Aviation Extortion

The UnitedHealth Group breach disrupted healthcare processing across the United States. Data from more than 190 million individuals was exposed. The financial impact across the industry passed $3 billion. The scale and duration of the outage demonstrated how fragile interconnected healthcare systems are when a single core provider is compromised.

In the UAE, a major airline faced a data leak claim from the Everest ransomware group in October. The case highlighted the ongoing risk of double extortion attacks that target both operational continuity and confidential information.

The Oracle Cloud Compromise

The breach involving Oracle Cloud in March triggered concern across enterprises that rely on public cloud services. The UAE Cyber Security Council confirmed that 634 local entities were impacted by follow-on threats linked to this exposure. The issue was tied to weaknesses in older authentication components within the provider’s infrastructure. The incident reinforced that cloud platforms, even at global scale, can carry hidden weaknesses buried deep inside legacy systems.

3. The New Wave: AI, Zero Trust, and Autonomous Threats

The final quarter of 2025 confirmed that AI is now central to how attacks are executed and how defenses operate. Combined with tightening global policies, this shift is forcing organizations to redesign their core security models.

The Rise of Autonomous Cyberattacks

One of the most significant developments was the emergence of large-scale campaigns executed primarily by AI agents. Multiple intelligence teams reported that these systems carried out most phases of the attack lifecycle. Automated reconnaissance, vulnerability scanning, and exploit generation were completed with little human involvement. The outcome was a level of speed and adaptability that traditional defenses struggled to track. This change requires organizations to build strong AI governance controls to protect sensitive data from automated scanning and harvesting activities.

AI in Defense and the Zero Trust Push

Defensive technology advanced at the same pace. AI-driven XDR and MDR platforms expanded rapidly, using generative models to predict threats, correlate signals, and automate response steps. These systems align with the Zero Trust model, which continued gaining global regulatory traction.

The United States moved forward with new requirements for federal vendors. The DoD and GSA finalized rules that require Zero Trust Architecture and verified Software Bills of Materials for all contractors. These standards are influencing global supply chain expectations, prompting international organizations to restructure their own security frameworks to stay eligible for major contracts.

SaaS Risk and Vishing Techniques

2025 also showed that human error remains a leading cause of compromise. Several campaigns succeeded by targeting Salesforce environments through weak API configurations and social engineering. Attackers used advanced vishing techniques to obtain MFA codes from administrators, enabling data theft without touching the underlying application code. The cases highlighted that SaaS platforms require strict operational controls and continuous permission reviews, similar to the governance applied to on-premise systems.

Preparing for the Next Phase of Cybersecurity

The events of 2025 left no room for passive security strategies. Policies hardened, threat actors adopted automation at scale, and critical systems across the world proved far more fragile than expected. Organizations in the UAE now operate in an environment where cryptographic readiness, cloud governance, and AI-driven defense are no longer options but structural necessities.

The shift that began this year will continue to influence how infrastructure is designed, how suppliers are evaluated, and how risk is measured. Leaders who invest early in stronger verification, disciplined operational controls, and clear architectural standards will enter the coming period with an advantage. Those who rely on legacy approaches will face mounting pressure from regulators, attackers, and their own customers.

2025 set the direction for the region’s cybersecurity priorities. The next phase will be defined by how effectively organizations act on the lessons learned and build security programs that can sustain the scale and complexity of what comes next. For organizations looking to strengthen defenses across every layer, from cloud and data protection to AI governance and threat monitoring, iConnect’s cybersecurity services provide the guidance and operational support needed to meet these demands.
