AI and quantum readiness reshape cyber resilience in the Middle East 

Introduction

The Middle East has entered a new phase in its cybersecurity evolution. Building on foundational resilience, organisations are now embedding security into boardroom agendas, aligning cybersecurity with business growth, and investing in future-ready technologies like AI and quantum.

The 2026 Global Digital Trust Insights: Middle East findings report reveals how Middle Eastern leaders are shifting from reactive defence to proactive resilience, treating cybersecurity as a strategic enabler rather than a cost centre. As trust becomes a defining factor in transformation, the region is positioning itself as a global pacesetter.

Our survey findings reflect a region advancing in parallel with national transformation programmes and economic diversification – a broader context that is helping to amplify momentum around digital trust and security. Cybersecurity is no longer just about protection – it is about enabling trust, resilience and innovation in economies that are advancing faster than their global peers. With early steps into areas such as AI governance and quantum readiness, the Middle East is building the capabilities needed to keep pace. This will be essential in a rapidly changing digital landscape.

Taken together, these findings show rising budgets, CEO-CISO alignment, early moves into quantum and a shift from reactive defence to proactive resilience. The overall picture is of a region moving with confidence and ambition, committed to digital trust. To sustain this momentum, leaders will need to make deliberate choices about where to focus their efforts next. 

PwC’s 2026 Global Digital Trust Insights survey of 3,887 business and tech executives across 72 countries reveals how leaders are handling this era of uncertainty, where they’re falling short, and what they might do differently to better meet the challenge. Among key findings in the Middle East:

• 62% of Middle East respondents expect their cyber budgets to increase in 2026, compared to 50% globally

• 88% of organisations in the region are already measuring the potential financial impact of cyber risks

• 53% of Middle East organisations cite lack of knowledge as the biggest barrier to adopting AI for cyber defence, compared to 50% globally

• 50% of respondents in the region are prioritising AI and machine-learning tools to address cyber talent gaps over the next 12 months

• 30% of organisations in the region are planning to implement responsible AI practices in the next 12 months, compared with 23% globally

Organisations across the Middle East continue to rank digital and cyber risks above other concerns. When asked over the next 12 months, which of the following areas within their organisation’s cyberstrategy is changing in response to the current geopolitical landscape, 60% of Middle East business and tech leaders, in line with their global peers, reported ‘increase in cyber risk investment’ among their top three cyber strategy priorities. This indicates that regional organisations recognise cyber as a frontline risk and a core business resilience priority. 

The region is adopting a multilayered defense strategy, combining sustained investment in infrastructure and monitoring, stricter security standards, and regulatory mandates to ensure that digital transformation is matched by strong cyber resilience.¹

Rising budgets and stronger boardroom focus

Cybersecurity spending is set to continue rising in 2026, with 80% of regional respondents saying their organisations will increase their cyber budgets and a quarter of them expect budget increases of 11% or more, compared with 17% globally. This reflects strong board commitment and recognition that digital trust is now essential for competitiveness. Half of CISOs in the region are now providing cybersecurity programme insights directly to the CEO to inform strategic decisions – compared with 46% globally and nearly half (48%) are meeting regularly with the board, in line with their global peers. 

Last year, the emphasis was largely on oversight; this year, this provides clearer evidence of CISOs acting as genuine partners in enterprise strategy. The narrative is shifting from compliance and reporting to active collaboration at the executive level, embedding cyber within core business decisions.

In the Middle East, the key factors influencing cyber spend priorities over the next 12 months are data protection or data trust (52%), modernisation of technology (50%) and optimisation of current technology and investments (40%).  

Resilience remains a defining theme. In 2025, more than 40% of organisations in the region had already established dedicated resilience teams – well ahead of global peers. This year over half (53%) of Middle East respondents say they are prioritising proactive cybersecurity strategies over reactive approaches, close to the global average of 56%. This indicates that resilience is now seen as a strategic business priority, extending beyond the technical domain to shape wider organisational decision-making. The emphasis on proactivity also reinforces that speed of response is now considered as important as the strength of defences.

Data breaches highlight financial exposure

In the Middle East, 57% of respondents indicated that their organisation is already measuring the potential financial impact of cyber risks to a large or significant extent, well above the global average of 50%. This reflects growing recognition that cyber threats are now recognised as business risks.  

The finding underlines both the financial scale of incidents in the region and the reality that breaches are now increasingly common. In fact, the Middle East now ranks second globally for the average cost of a data breach, estimated at over US$7m per incident².

Survey findings indicate that organisations understand that building resilience starts with knowing and trusting data. While data quality ensures accuracy, cataloguing provides visibility of where sensitive information resides and together, they can reduce the risk of breaches. 

In the Middle East, more than half of respondents (53%) cited a lack of knowledge in applying AI to cyber defence as one of their top three internal challenges, broadly in line with 50% globally. A further 37% in the region pointed to a shortage of relevant skills, underlining the human capital dimension of AI adoption. Without closing knowledge gaps, organisations risk deploying AI that is poorly integrated, error-prone and vulnerable to misuse. Those that get it right will gain faster detection, stronger resilience and a decisive competitive edge. 

Embedding responsibility into AI adoption 

Responding to these challenges requires more than investment in tools – it demands governance frameworks that guide how AI is deployed across the enterprise. Organisations are discovering that effective adoption depends on harmonising data, systems and processes rather than relying on isolated solutions. The Middle East continues to show ambition, but leaders now recognise that success will come from embedding AI into operational reality. 

Quantum computing has shifted from a distant concern to a growing priority. In the Middle East, 27% of organisations report progress in implementing quantum-resistant security measures, compared with 22% globally, while another 27% are at the “piloting and testing” stage. If widely used encryption standards are broken by quantum advances, everything from national payments systems to cross-border trade flows could be exposed. That’s why leaders in the region are already piloting quantum-resistant measures, years ahead of necessity. This represents a clear step forward from last year, when quantum readiness was discussed largely in terms of future intent.

Actionable insights for business and tech leaders 

To sustain momentum and turn progress into lasting advantage, organisations must make deliberate choices about where to focus. The 2026 survey highlights five priorities that can help leaders embed digital trust more deeply into their businesses and prepare for the next wave of transformation. 

About the survey

The 2026 Global Digital Trust Insights is a survey of 3,887 business and technology executives conducted in the May through July 2025 period.

One-third of the executives (33%) are from large companies with $5 billion or more in revenue. Respondents operate in a range of industries, including financial services (21%); industrial manufacturing and automotive (21%); tech, media and telecom (19%); retail and consumer markets (16%); healthcare (10%); energy, utilities and resources (9%); and government and public services (4%).

Respondents are based in 72 countries. The regional breakdown is Western Europe (32%), North America (27%), Asia Pacific (18%), Latin America (11%), Central and Eastern Europe (6%), Africa (4%) and the Middle East (3%). 

The Global Digital Trust Insights survey had been known as the Global State of Information Security Survey (GSISS). Now in its 28th year, it’s the longest-running annual survey on cybersecurity trends. It’s also the largest survey in the cybersecurity industry and the only one that draws participation from senior business executives, not just security and technology executives. 

PwC Research, PwC’s global Centre of Excellence for market research and insight, conducted this survey.