More than 70% of Middle East companies prioritize AI to elevate cybersecurity defense, BCG report finds

A BCG report finds more than 70% of Middle East organisations reported suspected AI-enabled cyber attacks in the past year and that 70% now prioritise AI to bolster cybersecurity, highlighting gaps in resourcing and talent.

More than 70% of organisations in the Middle East reported suspected AI-enabled cyber attacks in the past year, and 70% of companies in the region now prioritise AI to bolster cybersecurity defences, a new Boston Consulting Group (BCG) report finds. The global survey of 500 senior leaders also found that 56% of Middle East firms increased cybersecurity budgets moderately (between 25% and 75%) over the past year, while none reported budget increases above 75%.

"The timing of these findings is critical. We are now operating in an environment where AI-enabled attacks are scaling faster than traditional security measures can respond; passive defense is no longer viable," said Shoaib Yousuf, Managing Director & Partner at BCG.

The BCG report highlights a shifting landscape shaped by rapidly advancing AI capabilities, including models such as Anthropic’s Claude Mythos, which the report says can outperform humans at hacking and security tasks and surface long-dormant vulnerabilities. The study underscores high-stakes examples of AI-enabled crime worldwide — including a reported $25 million deepfake CFO fraud and AI-driven ransomware incidents that have halted hospital operations — as context for why regional organisations are accelerating defensive measures.

Regional capabilities and gaps

Despite high prioritisation, the report identifies a gap between intent and resourcing. While 56% of Middle East companies increased cybersecurity spending moderately over the last year, none reported an uplift greater than 75%. In other emerging markets, small shares of companies did report increases above 75% (3% in Africa and 4% in Latin America).

On capability, the Middle East leads globally in deployment of mature cybersecurity solutions: 32% of firms in the region now operate advanced, widely adopted, and proven cybersecurity technologies — the highest proportion across the markets surveyed. Demand for human expertise is also strong, with 64% of organisations reporting robust demand for specialised cybersecurity professionals to deploy and manage advanced AI-enabled tools.

Recommended priorities

  • Establish board-backed accountability and funding for AI-enabled cyber risks: the report calls for elevating cybersecurity and AI to board agendas with clear ownership and measurable targets.
  • Deploy AI as a core defensive capability: BCG recommends embedding AI across security operations to accelerate detection, incident response and anomaly identification, including alert prioritisation and behaviour-analysis tools.
  • Secure AI systems themselves: protect AI models, data pipelines and training environments from manipulation through governance, continuous monitoring and rigorous testing.
  • Build agility through multi-vendor architecture: avoid single-vendor dependency to reduce systemic blind spots and enable rapid integration of new capabilities.

BCG’s analysis argues that addressing AI-enabled threats requires unprecedented collaboration between CEOs and Chief Information Security Officers. CEOs are urged to treat cyber resilience as a strategic priority, while CISOs should accelerate deployment of high-impact AI-enabled use cases to keep pace with evolving offensive capabilities.

Looking ahead, the report positions the Middle East as a potential benchmark for other regions: proactive prioritisation and relatively high adoption of mature cybersecurity solutions could narrow the gap between defensive readiness and increasingly sophisticated AI-enabled attacks. However, BCG warns that the scarcity of very large budget increases and continued pressure on talent pools mean many organisations must move faster to translate strategic intent into operational resilience.