The study found that one in three successful cyberattacks were attributed to Advanced Persistent Threat (APT) groups, which predominantly target government institutions and critical infrastructure. While the rapid adoption of new IT solutions is driving efficiency, it simultaneously expands the attack surface for malicious actors.

Cybercriminals in the region heavily utilize social engineering tactics (61% of cases) and malware (51%), often employing a combination of both. Remote Access Trojans (RATs) emerged as a primary weapon in 27% of malware-based attacks, indicating a common objective of gaining long-term access to compromised systems.

The analysis revealed that credentials and trade secrets (29% each) were the most sought-after data, followed by personal information (20%). This stolen data is frequently leveraged for blackmail or sold on the dark web. Beyond data theft, 38% of attacks resulted in the disruption of core business operations, posing significant risks to critical sectors like healthcare, transportation, and government services.

APT groups are identified as the most formidable threat actors due to their substantial resources and advanced technical capabilities. In 2024, they accounted for 32% of recorded attacks, with a clear focus on government and critical infrastructure. Their activities often extend beyond traditional cybercrime, encompassing cyberespionage and even cyberwarfare aimed at undermining trust and demonstrating digital dominance.

Dark web analysis further revealed that government organizations were the most frequently mentioned targets (34%), followed by the industrial sector (20%). Hacktivist activity was also prominent, with ideologically motivated actors often sharing stolen databases freely, exacerbating the cybercrime landscape.

The United Arab Emirates, Saudi Arabia, Israel, and Qatar, all leaders in digital transformation, were the most frequently cited countries on the dark web in connection with stolen data. Experts suggest that the prevalence of advertisements for selling data from these nations underscores the challenges of securing rapidly expanding digital environments, which cybercriminals are quick to exploit.

Positive Technologies analyst Alexey Lukash said, “In the near future, we expect cyberthreats in the Middle East to grow both in scale and sophistication. As digital transformation efforts expand, so does the attack surface, creating more opportunities for hackers of all skill levels. Governments in the region need to focus on protecting critical infrastructure, financial institutions, and government systems. The consequences of successful attacks in these areas could have far-reaching implications for national security and sovereignty.”

To help organizations build stronger defenses against cyberthreats, Positive Technologies recommends implementing modern security measures. These include vulnerability management systems to automate asset management, as well as identify, prioritize, and remediate vulnerabilities. Positive Technologies also suggests using network traffic analysis tools to monitor network activity and detect cyberattacks. Another critical layer of protection involves securing applications. Such solutions are designed to identify vulnerabilities in applications, detect suspicious activity, and take immediate action to prevent attacks.

Positive Technologies emphasizes the need for a comprehensive, result-driven approach to cybersecurity. This strategy is designed to prevent attackers from disrupting critical business processes. Scalable and flexible, it can be tailored to individual organizations, entire industries, or even large-scale digital ecosystems like nations or international alliances. The goal is to deliver clear, measurable results in cybersecurity—not just to meet compliance standards or rely on isolated technical fixes.

“Wade Gomes’ appointment marks an important milestone for CyberKnight in Southern Africa. His deep industry knowledge, decades of experience and leadership will be instrumental as we expand our presence and work closely with our partners and customers,” said Yaadhna Singh Gounden, Regional Director for Sub-Saharan Africa. “Our goal is to enable organisations to navigate the complexities of today’s cybersecurity landscape with confidence, leveraging best-in-class solutions and proven frameworks.”

South Africa’s ongoing digital transformation, coupled with the rising sophistication of cyber threats, has driven a greater emphasis on implementing strong security solutions and adhering to regulatory compliance. The region’s cybersecurity market is characterised by a significant demand for advanced technologies, particularly in areas like cloud security, AI-powered threat detection, and managed security services. As businesses embrace digitalisation, they encounter new vulnerabilities, necessitating scalable and innovative solutions to safeguard sensitive data and ensure uninterrupted operations. The collaborative efforts between government, businesses, and technology providers to bridge skills gaps and strengthen defenses highlight the significant growth potential in the region.

“I’m excited to be part of CyberKnight’s journey in Southern Africa. The region is at a critical point in its cybersecurity evolution, and there’s a real opportunity to make a lasting impact, by combining local expertise with global experience. I’m honored and excited to lead this mission locally, with a goal to transform South Africa into one of CyberKnight’s hubs and a center of excellence, by helping customers stay ahead of threats while maximising the value of their cybersecurity investments,” added Wade Gomes, Country Manager at CyberKnight.

CyberKnight’s establishment in South Africa signifies its complete coverage across the African continent. The company brings its Zero Trust Security philosophy and a portfolio of leading global cybersecurity vendors to assist enterprise and government organisations throughout Africa in managing risk and enhancing resilience as they navigate evolving regulations and threats.

What do you see as the most critical emerging cybersecurity threats in 2025, and how should organizations prepare for them?
Emerging technologies like AI and ML are disruptors leading to the rise of cyberattacks. AI-powered attacks are increasingly affecting businesses via phishing scams, ransomware attacks, malware attacks, and endpoint vulnerability exploitation. Organisations need to move beyond traditional defences to mitigate this risk. By investing in proactive measures, like penetration testing to uncover vulnerabilities, and using purple team exercises to simulate real-world attacks, organisations can improve their threat detection and response.

With threats targeting both on-premises systems and cloud environments, it’s crucial to secure all digital fronts. Companies must also run tailored incident response drills to stay ready for fast-moving threats. Ultimately, building a strong, adaptive cybersecurity strategy that accounts for AI-driven attacks is essential to protect digital assets and stay resilient in the face of evolving cyber risks.

How is the rise of AI and quantum computing reshaping the cybersecurity landscape, and what risks do they introduce?
As much as it is being hailed for making our lives easy, AI has also become a powerful ally for digital miscreants. In particular, threat actors are using generative AI (GenAI) to create highly convincing phishing emails, fake websites, and deepfakes for deceiving users and stealing their information. Threat actors are also using GenAI to develop sophisticated malware that bypasses traditional security defences.

Similarly, quantum computing is a double-edged sword. These powerful machines are capable of rendering traditional encryption methods obsolete, especially public key cryptography, as what once took a traditional computer years to decode RSA-2048 (a widely used encryption algorithm) takes a quantum computer a matter of seconds or minutes to decode.

How do you predict ransomware tactics will evolve in the near future, and what proactive measures should businesses take?
Threat actors are using AI to develop sophisticated, highly accurate ransomware that not only widens the reach of the attack but increases the impact on its victims. And this issue will only get worse as threat actors evolve their use of AI to carry out these attacks, drastically altering the threat landscape.

Businesses can adopt several key strategies to defend against ransomware attacks effectively. These include improving employee awareness and periodic training, restricting user access by implementing a Zero Trust approach and multi-factor authentication, taking regular data backups, keeping systems updated, and configuring the firewall to filter out suspicious activities and network segmentation to limit the spread of malware.

How does regulatory compliance (like UAE’s Data Protection Law or Saudi’s NCA requirements) impact cybersecurity strategies for regional businesses?
Governments across the region, led by the UAE and Saudi Arabia, have taken it upon themselves to enforce a safe and resilient cyberspace. This is in line with the region’s ongoing efforts to promote digital innovation, thereby delivering better services for people and driving faster economic growth. Compliance mandates, like Saudi Arabia’s and the UAE’s PDPL, play a major role in setting various polices, standards, and guidelines to safeguard the IT infrastructure in the respective countries. By incorporating these controls in their cybersecurity strategies, regional businesses can improve their security posture and protect their sensitive data. Failure to do so not only makes them vulnerable to cyberattacks, but invites substantial fines, legal action, and loss of operating license.

Can you explain ManageEngine’s “unified security” approach and how it simplifies cybersecurity for enterprises?
With over 20 years of experience in observing the changing IT landscape and building highly scalable and integrable solutions, ManageEngine recognises there is no single path to cyber resilience for enterprises. To stay ahead of both established and emerging threats, there is a need to take a holistic approach wherein identities, endpoints, and network infrastructure are all properly secured and governed. ManageEngine’s AI-powered cybersecurity solutions, all of which have been built from ground-up, effectively ensure this. They also help enterprises comply with the most important cybersecurity frameworks and data privacy regulations like the GDPR and the PDPL.

How does ManageEngine leverage AI to enhance phishing simulations and employee training?
For over a decade, we have been researching emerging technologies, resulting in the development of our own in-house AI based on contextual intelligence. We understand AI’s importance in detecting and mitigating cyberattacks. Our AI capabilities can be leveraged for a variety of security use cases, such as ransomware protection, anomaly detection, data exfiltration, and preventing insider access abuse.

Most phishing attacks are carried out via email, which lures an individual to download malware that enables the attacker to breach the user’s system and network. By relying on AI, our solutions can flag potential phishing attempts by continuously analysing emails and websites. This will enable security administrators to prioritise such threats and mitigate their impact.

The OT-focused conference at GISEC Global tackled evolving risks, system vulnerabilities and strategies for securing critical infrastructure. Other important considerations included AI in ICS/OT Security, Quantum Computing Threat, Protecting ICS and SCADA Systems & Digital Supply Chains in the presence of top CISOs, CIOs, OT security heads and policy-makers to fortify SCADA, ICS and digital supply chains.

The global OT security market is projected to double to $44.9 billion by 2029 (as per Markets and Markets). According to research by IBM, the average cost of cyberattacks on organisations in the Middle East is $8.75 million, nearly double the global average. OT security encompasses advanced cybersecurity protocols designed to ensure the integrity, availability and safety of industrial control systems. As critical infrastructure faces escalating cyber threats, robust OT security is essential for maintaining continuity across the oil & gas, manufacturing, energy, transport and utility sectors.

In late 2024, ransomware groups accelerated attacks on industrial sectors, with manufacturing, transportation and ICS operations prime targets. Only aggressive defence, intelligence sharing and cross-sector collaboration will safeguard critical infrastructure into 2025 and beyond. The audience heard from experts on the need for modern OT protection which delved into precision AI, leveraging machine learning, deep learning and large language models.

Discussing cybersecurity threats in the maritime industry, where ships can hold up to 10,000 passengers, are driven autonomously and each country has their own set of AI regulations, Simone Fortin, Global CISO Cruise Division at MSC Cruise Division, called for streamlined regulations that can be applied to all countries around the world.

He said, “For an industry like maritime, which is regulated by the UN, it is hard to interpret how to prevent AI threats for something critical like managing a ship. The UN gives the policy a broader scale, but then everything is regulated by bilateral agreements between the states and the regulators, and implemented by companies; but then, everything is defined by the fact that you could be in international waters. And ships can be owned by one entity, managed by another while sailing under a separate flag.”

Bridging the gap between AI-powered cyber defence and critical infrastructure resilience, the OT Security Track also put the spotlight the escalating IoT/IIoT threats in the oil & gas sector, featuring frontline insights from global CISOs defending the world’s most targeted industries.

Amal Krishna, Executive Director & CISO, ONGC, said, “To combat the surge in OT cyberattacks, businesses must prioritise asset visibility, network segmentation and secure remote access – but equally critical is breaking down silos between IT, OT and engineering teams. Cyber resilience in critical infrastructure isn’t just about technology, it’s about collaboration, continuous monitoring and a security-first culture.”

Albert Vartic, Upstream OT Cybersecurity Officer, OMV Petrom, added, “Over the next five years, OT cybersecurity in the Middle East’s critical infrastructure will see significant evolution. The region’s rapid digitalisation has expanded the attack surface, making industrial systems more vulnerable – proactive measures like IEC 62443 adoption and cross-team collaboration will be essential to safeguard operational resilience.”

Exhibitors Ayman Al Issa (CPX) and Mohammed Mousa (CyberKnight) dissected the 49% surge in OT attacks, offering actionable defences for the energy, healthcare and manufacturing sectors. Mousa, OT/xIoT Consultant at CyberKnight, warns that legacy OT systems weren’t built for today’s threats.

He explained, “The escalation in intrusions is a consequence of accelerated digital transformation in industrial sectors. As organisations integrate IT and OT environments to improve efficiency and support the business, they inadvertently expand the threat surface. Furthermore, legacy systems remain in operation far beyond their intended lifespan and often lack native security controls. Meanwhile, increased reliance on remote access, third-party integrations, and limited OT-specific cybersecurity governance heightens exposure. Simply put, organisations are moving faster than their security strategies are evolving.”

For businesses and governments to stay ahead of cyber criminals, Al Issa, Director – OT Cybersecurity at CPX, emphasised the importance of undertaking risk and threat assessments to understand what assets are at risk and how potential attackers might target them, sooner rather than later. He said, “In today’s fast-shifting business landscape, organisations need to focus on identifying their most critical assets – those that are at the highest risk and that they care about the most, rather than trying to protect everything or plan for recovery across the entire business. As such, organisations should conduct in-depth threat and risk assessments specifically considering the unique characteristics of industrial control systems (ICS), including their physical consequences. This involves mapping out interdependence, potential attack vectors and consequences of downtime. Using threat intelligence and aligning with frameworks like CIS ICS Controls can help organisations monitor suspicious activity, manage vulnerabilities and create tailored incident response plans. Once this is clear, more targeted and practical defence measures can be put in place and continuously tested, using threat intelligence to stay ahead of evolving threats. Risk assessments should be continuous, evolving with technological changes and emerging threats and should be validated through regular penetration testing.”

Amr Elsayed, Regional OT/ICS Cybersecurity Specialist at CyberKnight, agrees, saying technology, collaboration and workforce training should be key priorities for businesses. He said, “To enhance OT security resilience against rising cyber threats, businesses should adopt a Zero Trust approach, enforcing least-privilege access and micro-segmentation to limit breach impact. Advanced real-time monitoring and threat intelligence sharing (ISACs, public-private partnerships) are critical for proactive defences. Additionally, maintaining accurate OT asset inventories, conducting OT-specific incident response drills and implementing risk-based vulnerability management (compensating controls, tailored patching) will strengthen security postures. Finally, OT-focused employee training ensures a security-aware workforce. By prioritising these measures – spanning technology, collaboration and workforce readiness – organisations can safeguard critical infrastructure, mitigate disruptions and build long-term cyber resilience in OT environments.”

With Middle East nations rapidly adopting digitisation into their day-to-day practices, the region is becoming a target for cyberattacks. However, the experts expect a number of measures to be put in place to protect cybersecurity infrastructure, and GISEC 2025 could be where policymakers and tech giants will draft the playbook. Al Issa added, “Over the next five years, we can expect a major shift toward structured, regulation-driven cybersecurity approaches. AI-driven OT threat detection, the widespread adoption of Zero Trust principles and deeper integration of compliance frameworks will define the regional OT cybersecurity landscape. Stricter regulatory frameworks and compliance mandates region-wide will push for better security practices.”

Organised by Dubai World Trade Centre, GISEC Global 2025 is hosted by the UAE Cybersecurity Council under the theme of ‘Securing an AI-Powered Future’, and supported by Dubai Electronic Security Center (DESC), UAE Ministry of Interior and Dubai Police.

At GISEC, ESET will spotlight its latest innovations across threat intelligence, endpoint protection, extended detection and response (XDR), and cloud-native security. At GISEC 2025, ESET’s experts will demonstrate how its AI-driven, multi-layered security architecture empowers organizations to defend against advanced threats in real time, while also building long-term cyber resilience.

ESET’s participation highlights its dedication to supporting digital transformation across the GCC and broader Middle East region. As governments and enterprises continue to adopt cloud, mobile, and hybrid IT infrastructures, ESET’s solutions are enabling secure growth by providing deep visibility, adaptive threat protection, and operational flexibility. The company is also committed to enabling its regional partners through training, local support, and access to advanced tools designed for modern cybersecurity challenges.

Commenting on their involvement, ESET executives emphasized the strategic importance of GISEC in building stronger cybersecurity alliances. “As cyber threats become more sophisticated, collaboration and knowledge-sharing are key,” they said. “GISEC is a valuable platform for us to connect with regional leaders, share our award-winning technologies, and shape a more secure digital ecosystem.”

“The race to embed AI into environments has inadvertently created a new set of identity security risks centered around the access of unmanaged and unsecured machine identities – and the privileged access of AI agents will represent an entirely new threat vector,” said Craig Harwood, Area VP for Africa and the Middle East at CyberArk. “For UAE organizations to stay resilient, CISOs and security leaders must modernize their identity security strategies to contend with a new and expanding attack surface characterized by the proliferation of identities with privileged access and made worse by damaging identity silos.”

‘Rise of the machines’ contributes to unsecured privilege sprawl: Machine identities, driven primarily by cloud and AI, now vastly outnumber human identities within organizations and nearly half have sensitive or privileged access. However, many enterprises leave both human and machine access to critical systems under-secured. There are 82 machine identities for every human in organizations worldwide.

In 92% of UAE organizations, the definition of a ‘privileged user’ applies solely to human identities – but 42% of machine identities have privileged or sensitive access. Fifty two percent do not have identity security controls in place to secure cloud infrastructure and workloads. Fifty four percent of UAE organizations experienced at least two successful identity-centric breaches in the past 12 months, ranging from supply chain attacks and compromised privileged access to identity and credential theft.

AI is everywhere and identity-centric agentic AI risk looms: Sanctioned and unsanctioned adoption of AI and large language models (LLMs) is simultaneously transforming organizations while amplifying cybersecurity risks. Concerns around the emergence of AI agents in the UAE and their privileged access underscores the urgency for targeted identity security investment. AI will drive the creation of the greatest number of new identities with privileged and sensitive access in 2025.

Only eighteen percent of UAE organizations have identity security controls for AI in place. Sixty percent cannot secure shadow AI usage in their organization. AI agent adoption roadblocks include manipulation and sensitive access concerns. Complexity and identity silos are overwhelming security leaders and undermining business resilience: Fragmented identity security programs and poor environmental visibility are diminishing resilience in the face of evolving cybersecurity threats. Most organizations face increased privilege-related compliance pressure.

Seventy percent of UAE respondents say identity silos are a root cause of organizational cybersecurity risk. Sixty eight percent of security professionals in the UAE agree that their organizations prioritize business efficiencies over robust cybersecurity. Human and machine identities – many of them with privileged access – are expected to double in 2025. Ninety percent of UAE organizations are under increased pressure from insurers mandating enhanced privilege controls.

CyberArk is also participating at GISEC Global 2025, taking place from 6–8 May at the Dubai World Trade Centre. The company will be present at the HELP AG stand, where it will host a dedicated pod showcasing its latest cybersecurity solutions and discuss the Identity Security Landscape report. Attendees will have the opportunity to engage directly with CyberArk’s leadership, including Craig Harwood, Vice President for Middle East and Africa, and Laurence Elbana, Director of Sales, who will be available throughout the event.

What key messages or solutions are you highlighting at GISEC this year?
At GISEC 2025, SANS is focused on turning knowledge into action by expanding access to world-class cybersecurity training. We’re highlighting the launch of the SANS GISEC Academy in Hall 4, a free, three-day program offering technical sessions led by SANS Certified Instructors on offensive operations, ICS incident response, and cyber threat intelligence. It’s the first time we’re introducing this hands-on learning format at GISEC, making expert-driven training accessible to attendees of all backgrounds and experience levels. At our main stand (Hall 7, Stand D75), we’re also showcasing how SANS is helping organizations build long-term cyber resilience across the region through practical, skills-based education.

How does GISEC help your company engage with the Middle Eastern cybersecurity market?
GISEC is one of the region’s main platforms for bringing together like-minded cybersecurity professionals from around the world. It allows us to connect with organizations, partners, and customers on a closer, one-to-one basis, opening conversations not just about the critical role of ongoing training, but also helping us better understand regional skills gaps. These insights allow us to tailor our programs to meet the evolving needs of the Middle Eastern cybersecurity community and support long-term resilience.

How would you describe the current cybersecurity threat landscape in the Middle East?
The Middle East is facing one of the most dynamic and challenging cybersecurity environments in the world. As digital transformation accelerates across sectors like energy, finance, and government, the attack surface is expanding quickly. Threat actors, ranging from cybercriminals to nation-states, are becoming more sophisticated, targeting critical infrastructure, supply chains, and sensitive data. We are seeing a rise not just in the volume of attacks, but in the precision and persistence behind them.

What are the most pressing cyber threats facing businesses in the region today?
Ransomware remains one of the most disruptive threats, particularly to critical industries like energy, healthcare, and finance. Phishing attacks have grown more sophisticated, often fueled by AI tools that create highly convincing emails and deepfakes. Beyond that, state-sponsored attacks are growing in frequency and complexity, often blending espionage with disruption. Businesses in the Middle East must be prepared for adversaries who are patient, well-resourced, and highly strategic in their operations. The rise of AI in cyberattacks is reshaping the threat landscape, making it essential for businesses to invest in AI-driven defenses, improve employee awareness, and develop stronger incident response strategies.

How do cultural or regulatory differences impact cybersecurity strategies in the Middle East compared to other regions?
Cultural and regulatory landscapes across the Middle East create both challenges and opportunities for cybersecurity. On the regulatory side, we see a strong push from governments to enforce data protection laws and critical infrastructure standards. This has helped raise cybersecurity awareness at the board level. Culturally, the emphasis on building trusted relationships is key, and cybersecurity initiatives that incorporate strong internal education and cross-team collaboration tend to succeed. Strategies must be tailored to respect local business practices while still aligning with global security standards.

How do your company’s products and services address the specific threats faced by regional businesses?
By staying closely connected with the community, we ensure our training stays relevant to the real-world challenges businesses here are encountering. Through expert-led training, certifications, and hands-on programs we offer tailored skill-based cybersecurity courses for organizations, designed around their specific pain points.

Are you partnering with any local entities or governments to enhance regional cybersecurity resilience?
Yes, we work closely with local government entities, offering tailored programs that align with regional needs and workforce development goals. Through initiatives like our Cyber Academies, we collaborate with national entities to equip local talent with practical, industry-relevant skills. These programs are inclusive, accessible, and results-driven, often leading to globally recognized GIAC certifications that open doors to long-term careers in cybersecurity.

For instance, last year, our Cyber Academy initiative in Bahrain, delivered in collaboration with a government entity, trained Bahraini nationals aged 18 and above through an intensive eight-week program, culminating in three GIAC certifications. Similarly, we ran two Cyber Academies in Kuwait, helping participants develop practical skills to combat evolving threats in critical sectors. These efforts not only address immediate skills gaps but builds sustainable cybersecurity ecosystems using local talent.

What advice would you give to regional businesses looking to strengthen their cybersecurity posture in 2025?
Start by investing in your people. Technology alone will not solve today’s challenges. Businesses must prioritize hands-on skills development, continuous training, and cultivating a security-first culture across all levels. It is also critical to approach cybersecurity as a business enabler, not just a technical function. That means aligning security investments with business goals, understanding the evolving threat landscape, and building resilience through proactive risk management. Finally, collaborating with trusted cybersecurity partners and participating in regional threat intelligence sharing initiatives will be essential in the year ahead.

Together, Veeam and CrowdStrike enhance data security by combining Veeam’s industry-leading data resilience capabilities with the AI-native CrowdStrike Falcon cybersecurity platform. The result is end-to-end visibility into security threats—minimizing and even preventing the business impact of cyber incidents. The partnership launches with two new fully supported integrations:

1. Veeam App for CrowdStrike Falcon LogScale
2. Veeam Data Connector for CrowdStrike Falcon Next-Gen SIEM

These integrations allow organizations to view Veeam Data Platform events directly within the CrowdStrike Falcon platform, creating a unified solution that improves insights into system activity and security events. This empowers IT and security teams to detect, prevent, and respond to cyber incidents more effectively.

“We know that 89% of threat actors specifically target an organization’s backups, putting critical data recovery at risk,” said John Jester, chief revenue officer at Veeam. “Delivering comprehensive protection against these attacks requires strategic partnerships. That’s why we’re building strong integrations with industry leaders like CrowdStrike to ensure customers take a connected approach to cybersecurity and data resilience. We continue to enhance Veeam Data Platform security capabilities and integrations to ensure that an organization’s backups are clean and secure to recover from a ransomware attack. By combining Veeam Data Platform’s industry-leading malware detection, indicators of compromise (IoC) detection and proactive threat assessments with CrowdStrike’s AI-powered capabilities, we help customers ensure their backups are secure and their data resilient.”

“The surge in cyber threats and ransomware attacks continues to put enterprise data at risk,” said Daniel Bernard, chief business officer at CrowdStrike. “Our partnership with Veeam brings together best-in-class cybersecurity with industry-leading data resilience, giving joint customers a unified defense to reduce risk and ensure rapid recovery. By bringing Veeam Data Platform events into Falcon Next-Gen SIEM, we’re delivering centralized visibility that empowers security and IT teams to respond faster and more effectively across the entire attack surface.”

The integration brings Veeam Data Platform event data into Falcon LogScale and Falcon Next-Gen SIEM, delivering deeper visibility and accelerated threat analysis. By combining Veeam’s backup insights with CrowdStrike’s industry-leading threat intelligence and real-time visibility across the enterprise, organizations can eliminate blind spots and reduce risk across their data and backup environments.
The Veeam App for Falcon LogScale includes pre-built dashboards, automated data parsing and proactive alerting to improve detection and response across the enterprise. It also adds support for Veeam Backup for Microsoft Entra ID, enhancing visibility into identity-based threats and data infrastructure activity.

Security teams can leverage predefined searches and scheduled alerts to quickly surface relevant security events, enhancing threat-hunting and response efforts. Real-time, low-impact scans during backups—powered by advanced AI and machine learning—detect even the most subtle anomalies and malware. These proactive alerts equip Security Operations Center (SOC) analysts with the intelligence needed to accelerate incident response and stay ahead of evolving threats.

Veeam Data Platform delivers comprehensive end-to-end cyber resilience, supporting organizations before, during and after a cyber incident. It features proactive threat detection with the patent-pending Recon Scanner, which identifies potential ransomware threats before backups are created. During the backup process, inline entropy analysis, signature-based malware scanning and IoC detection tools provide a defense-in-depth approach to identifying malicious activity.

The platform also supports incident response by assessing the scope of an attack and quickly identifying the last known good restore point through Veeam Threat Hunter. Additionally, Veeam Cyber Secure offers expert support from Coveware by Veeam to assist with ransomware assessment, negotiation and recovery. This proactive and comprehensive approach helps reduce cyber risks, minimize business disruption and is now available for CrowdStrike users—providing complete protection across cloud, virtual, physical, enterprise applications and unstructured data. Available to Advanced and Premium Veeam Data Platform users, these integrations are now accessible to CrowdStrike customers via the CrowdStrike Marketplace.

• Stop AI-powered threats
• Automate security and network operations
• Secure AI tools used by businesses

“Fortinet’s AI advantage stems from the breadth and depth of our AI ecosystem—shaped by over a decade of AI innovation and reinforced by more patents than any other cybersecurity vendor,” said Michael Xie, Founder, President, and Chief Technology Officer at Fortinet. “By embedding FortiAI across the Fortinet Security Fabric platform, including new agentic AI capabilities, we’re empowering our customers to reduce the workload on their security and network analysts while improving the efficiency, speed, and accuracy of their security and networking operations. In parallel, we’ve added coverage across the Fabric ecosystem to enable customers to monitor and control the use of GenAI-enabled services within their organization.”

Key upgrades:
FortiAI-Assist – AI That Works for You

1. Automatic Network Fixes: AI configures, validates, and troubleshoots network issues without human help.
2. Smarter Security Alerts: Cuts through noise, prioritizing only critical threats.
3. AI-Powered Threat Hunting: Scans for hidden risks and traces attack origins.

FortiAI-Protect – Defending Against AI Threats

1. Tracks 6,500+ AI apps, blocking risky or unauthorized usage.
2. Stops new malware with machine learning.
3. Adapts to new attack methods in real time.

FortiAI-SecureAI – Safe AI Adoption

1. Protects AI models, data, and cloud workloads.
2. Prevents leaks from tools like ChatGPT.
3. Enforces zero-trust access for AI systems.

FortiAI processes queries locally, ensuring sensitive data never leaves your network.

Recent research conducted by Veeam and McKinsey reveals a concerning disconnect in organizational preparedness. While 30% of CIOs rate their data resilience as above average, fewer than 10% actually meet that standard. This misalignment carries significant consequences, with IT downtime costing Global 2000 companies more than
400 billion annually – averaging 200 million in losses per enterprise due to operational disruptions, recovery expenses, and reputational harm.

“Data resilience is critical to survival—and most companies are operating in the dark,” said Anand Eswaran, CEO of Veeam. “The new Veeam DRMM is more than just a model; it’s a wake-up call that equips leaders with the tools and insights necessary to transform wishful thinking into actionable, radical resilience, enabling them to start protecting their data with the same urgency as they protect their revenue, employees, customers, and brand.”

The Veeam DRMM provides organizations with a structured methodology to assess and enhance their resilience across three core dimensions: data strategy, people and processes, and technology. As the only industry framework developed by a consortium of experts, it offers a complete view of cyber resilience, disaster recovery, and operational continuity.

The study highlights that 74% of organizations operate at the two lowest maturity levels, leaving them vulnerable to extended outages and data loss. In contrast, companies achieving the highest maturity level recover from incidents seven times faster, experience three times less downtime, and suffer four times less data loss than their peers. Alarmingly, the research also found that 30% of CIOs at the least resilient organizations incorrectly believe their capabilities are stronger than they actually are, creating dangerous blind spots.

“Data resilience isn’t just about protecting data, it’s about protecting the entire business,” Eswaran continued. “This is the difference between shutting down operations during an outage or keeping the business running. It’s the difference between paying a ransom or not. It provides the foundation for AI innovation, compliance, trust, and long-term performance – including competitive advantage.”

Developed in collaboration with McKinsey & Company and validated by insights from more than 500 IT and security leaders, the DRMM has already delivered measurable results. Implementations include a healthcare network that reduced outage costs by $5 million per incident and a multinational bank that eliminated cyber incidents entirely after adopting the framework alongside Veeam’s platform.

Investments in data resilience yield substantial returns, according to the research. For every dollar spent on resilience measures, organizations typically see $3 to $5 in benefits—with some achieving returns as high as $10 through improved uptime, reduced incident costs, and greater operational agility. These tangible benefits have propelled data resilience to become the second-highest priority for IT leaders, surpassed only by cost optimization.

”As organizations increasingly recognize the growing risks associated with data outages and cyber threats, the report underscores the importance of a collective commitment from executives beyond the IT department, to data resilience,” said George Westerman, Principal Research Scientist at the MIT Sloan School of Management. “Data outages can severely impact customer-facing capabilities and erode shareholder trust of an organization. But even more, they can be a signal of immature IT management processes that have led to overly complex, hard to manage, IT infrastructure. The Digital Resilience Maturity Model highlights ways that businesses can equip themselves to handle today’s challenges while being ready for tomorrow’s opportunities.”

The DRMM categorizes organizational resilience into four progressive stages. At the Basic level, companies rely on reactive, manual processes with high exposure to risk. Intermediate organizations demonstrate reliability but struggle with fragmented systems lacking automation. Advanced enterprises take a strategic, proactive approach but may lack full integration. The pinnacle Best-in-Class tier represents fully resilient organizations leveraging autonomous operations and AI optimization.