How is Generative AI being utilised to enhance cybersecurity measures today?
Generative AI is transforming cybersecurity across three critical domains—detection, defense, and governance. In detection activities, GenAI is proficient at analysing vast datasets to identify threats through automated threat intelligence analysis, rapid malware detection, and identifying deepfake content. Tools like Google Gemini can process malware samples in seconds rather than hours, dramatically improving response times and enabling more proactive security postures.

In defense activities, GenAI augments protective capabilities by evaluating language patterns and contextual signals to prevent sophisticated phishing attempts. Organisations are also deploying GenAI to create convincing decoy environments with synthetic data, deliberately misleading attackers while protecting genuine assets. When breaches occur, AI-powered playbooks are invaluable assets for security teams while deciding optimal remediation processes, reducing recovery time while ensuring consistent response protocols.

The governance domain benefits from GenAI’s ability to streamline compliance and awareness. AI tools continuously monitor regulatory changes and emerging threats, automatically suggesting policy updates to maintain compliance. Perhaps most promising is GenAI’s ability to create personalised, realistic training scenarios that adapt to individual employee behavior patterns, dramatically improving retention and effectiveness compared to generic security training approaches. These applications represent just the beginning of GenAI’s potential to redefine our approach to digital protection.

What potential risks does Generative AI introduce in the cybersecurity landscape, such as AI-driven cyberattacks?
Generative AI is a double-edged sword, increasing cybersecurity risks as much as it helps protect against attacks. The broadening landscape for cybersecurity risk encompasses two critical aspects: GenAI empowers attackers with tools to accelerate and simplify their malicious actions, while simultaneously introducing security risks in organisations when deployed for usage.

GenAI per se does not generate new types of attacks. However, it simplifies exploit generation, improves the quality of known attacks, and further reduces the cost of creating malicious tools. It even enables less sophisticated actors to conduct complex attacks that were once reserved for only the most skilled malicious actors. AI-generated phishing attacks now create more sophisticated, human-like emails that increase the likelihood of successful social engineering. Cybercriminals can use GenAI to generate new types of malware, bypassing traditional security systems.

Deepfake-based impersonation using AI-generated audio and video can convincingly mimic executives or government officials, leading to fraud or misinformation campaigns. Particularly concerning is AI-enabled reconnaissance, where threat actors use AI to scan systems for vulnerabilities more efficiently, making cyberattacks more targeted and effective. Deploying GenAI in an organisation introduces new types of security risks, mostly around data exfiltration or manipulation. Hallucination risks in AI security models may produce false positives or misleading security insights, leading to incorrect threat assessments. Data poisoning attacks allow adversaries to manipulate training data to introduce biases or vulnerabilities into AI security models.

Supply chain attacks on AI models present significant risks, as compromised models can provide attackers with unauthorised access. Additionally, sophisticated attackers can manipulate AI-based decision-making, forcing systems to misclassify threats or grant unwarranted access. These emerging risks highlight the need for comprehensive security frameworks specifically designed for the GenAI era, balancing innovation with heightened safeguards against increasingly sophisticated threats.

How can organisations leverage Generative AI for proactive threat detection and response?
Organisations have multiple ways to leverage GenAI in their defense activities, fundamentally transforming security from reactive to proactive postures. AI-powered anomaly detection serves as a foundation, using real-time analysis to identify behavioral deviations that could indicate potential cyber threats before they manifest as full attacks. This works in conjunction with automated threat-hunting capabilities, where GenAI assists security analysts by identifying suspicious patterns and suggesting possible cyberattack vectors that might otherwise remain hidden.

The predictive capabilities of GenAI enable cybersecurity modeling that analyses historical threat data to forecast and prevent future attacks before they occur. When incidents arise, automated incident triage becomes critical—AI can categorise and prioritise security events, ensuring that the most severe threats receive immediate attention while optimising resource allocation.

Security operations benefit from contextualised threat intelligence dashboards where AI summarises and visualises threats in real time, providing actionable insights to cybersecurity teams. On the frontlines, phishing prevention, and email security systems leverage AI to filter and block increasingly sophisticated attacks by detecting language anomalies and metadata inconsistencies. Additionally, AI-powered malware reverse engineering can analyse new strains and generate automated responses to mitigate them rapidly. These capabilities collectively enable organisations to stay ahead of evolving threats, shifting the advantage away from attackers and toward defenders in the ongoing cybersecurity battle.

How do you see Generative AI evolving in the cybersecurity domain over the next few years?
Looking into the future, we see GenAI gaining more prevalence in enhancing defense capabilities across multiple dimensions of the cybersecurity landscape. Organisations will increasingly deploy stronger AI-powered cyber defenses that automate complex security tasks, dramatically improving efficiency while reducing the need for manual intervention in routine security operations.

The cybersecurity battlefield will transform into sophisticated AI vs. AI cyber battles, where defensive AI systems continuously adapt to counter AI-driven attacks. This evolution will necessitate continuous AI model adaptation and training to stay ahead of increasingly sophisticated threats. Identity management will see significant advancements through AI-based verification systems, with AI-driven biometric and behavioral authentication strengthening defenses against impersonation and credential theft.

Zero Trust Architecture implementations will be revolutionised as AI plays a larger role in enforcing these policies, continuously verifying users and devices before granting access to sensitive resources. This dynamic verification approach will significantly reduce the attack surface available to potential intruders. Simultaneously, governments and international organisations are defining and implementing stricter policies to prevent AI misuse in cyberattacks, striving for ethical AI usage in security contexts.

Organisations will leverage AI to continuously monitor compliance with these evolving cybersecurity regulations, automating what has traditionally been a resource-intensive process. Perhaps most forward-looking, as quantum computing progresses and brings new threats to conventional encryption methods, AI models will be adapted to counteract quantum-powered cyber threats, ensuring security resilience even as computational paradigms shift dramatically.

Why is cybersecurity highly relevant for critical infrastructure and its operators in the MEA region, and particularly now?
Critical National Infrastructure (CNI) operators in the MEA region face a dual responsibility: protecting shareholder interests while ensuring national security and stability. Their role extends beyond operational resilience to actively strengthening the country’s cyber defense through industry collaboration, intelligence sharing, R&D, and workforce development. Unlike conventional organizations, CNIs are prime targets for a broad spectrum of threat actors.

The consequences of cyberattacks go beyond economic and reputational damage, threatening national security by destabilizing critical sectors such as energy, financial markets, and healthcare. With rising geopolitical tensions amplifying both the frequency and sophistication of attacks, CNIs must take a leading stance in fortifying cybersecurity to mitigate disruptions that could have far-reaching implications.

Can you provide an overview of the current cybersecurity landscape for critical infrastructure in the MEA region?
The interconnected nature of critical infrastructure means that a weakness in one part of the supply chain can expose the entire ecosystem to cyber threats. The cybersecurity landscape for CNIs in the MEA region is shaped by sector-specific challenges across industries such as energy, telecommunications, healthcare, financial services, and public services. While each sector has unique vulnerabilities, common challenges persist, including workforce shortages, skills gaps, increasing regulatory pressures, rapid digitization, and heightened supply chain risks.

The global shortfall of 2.8 million cybersecurity professionals has left CNIs struggling to attract and retain talent, with critical positions such as cybersecurity leadership, architecture, and cloud security often remaining unfilled. Addressing this requires sustained investment in workforce development and alternative strategies to bridge expertise gaps.

National cybersecurity authorities are intensifying regulatory pressure by implementing sector-specific frameworks to strengthen cyber resilience. While foundational policies such as the ECC in KSA and Qatar’s Cyber Security Framework of 2022 provide a compliance baseline, additional regulations focusing on OT security, third-party risk management, and cloud governance are expected.

CNIs that operate internationally must also comply with overlapping regional and global requirements, adding complexity to their cybersecurity obligations. Meanwhile, rapid digitization is further expanding the attack surface. Financial institutions are focusing on digital customer touchpoints, while energy companies are integrating IT and OT environments—introducing new threats into previously isolated systems. IT/OT convergence makes cybersecurity not just a technological issue but also a health and safety risk with potentially severe consequences.

Supply chain vulnerabilities are becoming a growing concern, as cybercriminals increasingly exploit third-party vendors and cloud services to enter CNI networks. The interconnected nature of critical infrastructure means that a weakness in one part of the supply chain can expose the entire ecosystem to cyber threats. As attacks become more sophisticated, prioritization of proactive cybersecurity strategies , must be front and center , balancing compliance, workforce development, and digital resilience to safeguard national security and operational stability must be at the core.

What are the most notable trends in cyber attacks targeting these systems?
Several key trends are shaping the cyber threat landscape for CNI, including the commoditization of cyber-attacks, the rise of AI-supported threats, and the growing sophistication of well-funded, highly organized threat groups. The commoditization of cyber-attacks has made malicious activity more accessible and cost-effective than ever. Cybercriminals have become highly structured, operating like corporations, with hacking-as-a-service becoming a viable and increasingly prevalent business model. This has lowered the barrier to entry, enabling a wider range of actors to execute complex attacks.

AI has emerged as a double-edged sword—while it enhances cybersecurity defenses, it also provides attackers with powerful tools for automation, scripting, and deception. AI-assisted attacks allow individuals with limited expertise to carry out cyber intrusions that would have previously required specialized skills. Deepfake phishing, in particular, has surged, leveraging AI to create highly convincing fraudulent content across written, voice, and video formats, increasing the risk of social engineering attacks.

In addition, highly resourced and strategically motivated cyber groups are targeting CNIs to disrupt services, spread disinformation, or steal intellectual property. These adversaries often operate with long-term objectives and access to advanced capabilities, making them some of the most formidable threats to critical infrastructure. With cyber threats evolving in scale and sophistication, CNIs must continuously adapt their security posture to counter these emerging risks effectively.

How important is employee training and awareness in preventing cyber-attacks on critical infrastructure?
Employee training and awareness are fundamental to strengthening cybersecurity defenses for CNI. BCG research on major data breaches indicates that more than two-thirds result from organizational, process, or human failures—not technology—underscoring that people are the true first line of defense against cyber threats. Both structured training and ongoing awareness initiatives are essential to building a resilient security culture within CNIs.

Training equips employees with the necessary skills to identify and respond to cyber threats effectively. Foundational cybersecurity training should be mandatory for all employees, covering basic concepts and common risks. Leadership teams require additional insights into targeted threats such as fraud and impersonation, ensuring they can make informed decisions in high-risk scenarios. For technical personnel, continuous upskilling is critical, as staying ahead of emerging attack vectors can mean the difference between mitigating and succumbing to a breach.

Beyond training, awareness programs play a vital role in reinforcing cybersecurity best practices and fostering vigilance. CNIs implement initiatives such as phishing simulations to sensitize employees to real-world threats and drive behavioral change. At the executive level, cyberattack simulations help leaders assess their crisis response capabilities, ensuring that cybersecurity accountability is embedded at the highest levels of the organization, including the boardroom. Given the evolving threat landscape, investing in both training and awareness is not optional—it is a strategic necessity for safeguarding critical infrastructure.

What role does proactive information sharing play in securing critical infrastructure systems?
Proactive information sharing is a critical enabler of cybersecurity resilience for CNIs, significantly enhancing their ability to detect, prevent, and respond to threats. The sheer scale of incidents that security teams handle—sometimes exceeding a million per week in large CNIs—makes identifying real threats akin to searching for a needle in a haystack. On average, it takes nearly 300 days globally to detect a breach, and even mature organizations still require about 30 days to do so—far too long for a malicious actor to operate undetected within a network. Information sharing transforms one organization’s detection into another’s prevention (as noted by James Scott, co-founder of the Institute for CNI Technology.)

Beyond improving detection, effective information-sharing frameworks drive business value by preventing costly cybersecurity incidents. They help CNIs mitigate financial losses from system downtime, customer attrition, and reputational damage. Furthermore, sharing intelligence strengthens the entire ecosystem, advancing cybersecurity maturity across industries. Critical information exchanged within these networks includes indicators of compromise, best practices for mitigation, and standardized frameworks for secure data-sharing protocols.

Regulators play an essential role in fostering collaboration among CNIs, expanding cyber threat intelligence, and strengthening collective resilience. Their initiatives support defensive capabilities, improve incident response, and encourage secure collaboration while safeguarding data privacy. As cyber threats grow in complexity, CNIs must embrace a cooperative approach—leveraging shared insights to bolster defenses and minimize risk exposure across the sector.

What role do MEA governments play in regulating and enforcing cybersecurity standards for critical infrastructure?
MEA governments are implementing comprehensive cybersecurity regulation and enforcement frameworks for critical infrastructure, responding decisively to an increasingly complex threat landscape. Through empowered national cybersecurity authorities with cross-sector mandates, they are establishing rigorous governance structures that address the interconnected nature of modern cyber risks.

This strategic approach is evidenced by Qatar’s detailed National Cyber Security Strategy 2024-2030 and the UAE’s decisive 2023 Critical Information Infrastructure Protection Policy, which integrates critical infrastructure protection with national security imperatives while ensuring the continuity of essential services vital to economic stability. The MEA region has developed a sophisticated model of regional cybersecurity collaboration, establishing robust mechanisms for threat intelligence sharing and coordinated defense capabilities. Saudi Arabia demonstrates this through its stringent mandatory compliance framework for CNIs, implementing Essential Cybersecurity Controls (ECC) alongside sector-specific regulations that address emerging technical and operational risks.

This systematic approach extends to building critical security capabilities, as shown by initiatives like Saudi Arabia’s Women Empowerment in Cyberspace (WEC) program, which strengthens the region’s cybersecurity talent base while addressing crucial skill gaps in critical infrastructure protection. These coordinated efforts reflect the MEA governments’ clear understanding that effective critical infrastructure protection requires both strong national frameworks and deep regional cooperation to address evolving cyber threats.