A new global study by Cohesity reveals that UAE organisations are entering a new phase of cyber maturity. Having achieved world-class compliance with national data regulations, many are now discovering that compliance alone does not ensure business continuity when disruption strikes.
Cyberattacks expose the limits of compliance
According to the research, Risk Ready or Risk Exposed: The Cyber Resilience Divide, 59% of UAE organisations experienced a material cyberattack in the past year. Of these, 96% reported revenue loss and 69% lost customers.
Cohesity research published in October 2025 indicated that while 66% [1]of UAE companies say they are fully compliant with national data protection laws, the findings reveal that compliance alone cannot prevent disruption or guarantee rapid recovery. Cohesity studies show that increasingly UAE business is correctly identifying that the ability to restore data integrity and operations swiftly is becoming the real measure of resilience.
Johnny Karam, Managing Director and Vice President, International Emerging Regions, Cohesity, said: “The UAE has built one of the world’s strongest frameworks for data compliance and sovereignty, from the Personal Data Protection Law to national AI ethics guidelines,” he said. “But compliance is only half the equation. The next frontier is resilience, and proving you can recover fast, maintain trust, and continue operating when everything is on the line. While compliance assures confidence true resilience ensures business survival.”
GenAI acceleration outpaces risk readiness
The UAE’s rapid digital transformation and early adoption of GenAI are reshaping industries at an unprecedented pace. Yet 91% of UAE business leaders admit that GenAI is advancing faster than their ability to manage new risks. While 44% express confidence in their resilience strategies, only 6% of organisations globally have reached full resilience maturity.
This widening gap between innovation and preparedness is creating a new kind of exposure, one where automation and data intelligence must evolve as fast as AI innovation itself. The UAE’s leadership in digital transformation and AI ethics must now extend to embedding resilience into every layer of operations.
Gregg Petersen, Regional Director for the Middle East, at Cohesity said the results show a decisive shift in how organisations define cyber maturity.
“Enterprises across the UAE are racing ahead with GenAI adoption across all aspects of business, and while there are significant benefits that Gen AI can deliver to all data security aspects other aspects of the overall cyber resilience maturity within organisations hasn’t kept pace,” he said. “A genuinely mature cyber resliency stance today is not just about faster restoration, it’s about ensuring data integrity, protecting reputation, and preserving customer confidence. By embedding AI with appropriate consideration and guardrails into every layer of data security, Cohesity helps organisations close that gap, so recovery becomes instant, coordinated, and complete.
Resilience as a competitive advantage
The study concludes that resilience is becoming the new benchmark for leadership confidence and financial health. As AI continues to reshape business models, organisations that automate recovery and unify data protection will not only reduce downtime but also strengthen stakeholder trust and long-term growth.
Cohesity continues to work with public and private sector organisations across the Middle East through its AI-powered Cohesity Data Cloud, helping them transform resilience into a measurable business advantage — ensuring that when disruption strikes, recovery is fast, secure, and complete.
[1] This data is sourced from Cohesity’s UAE Data Sovereignty research (October 2025), as presented in the blog Data Sovereignty: Why It Matters Now More Than Ever in the UAE.
Discussion about this post