Market Research – Security Review Magazine
https://securityreviewmag.com
We bring you the latest from the IT and physical security industry in the Middle East and Africa region.

Axis Communications Sheds Light on Video Surveillance Industry Perspectives on AI
https://securityreviewmag.com/?p=28241
Mon, 12 May 2025 18:21:18 +0000

Axis Communications has published a new report that explores the state of AI in the global video surveillance industry. Titled The State of AI in Video Surveillance, the report examines the key opportunities, challenges and future trends, as well as the responsible practices that are becoming critical for organisations in their use of AI. The report draws insights from qualitative research as well as quantitative data sources, including in-depth interviews with carefully selected experts from the Axis global partner network.

A leading insight featured in the report is the unanimous view among interviewees that interest in the technology has surged over the past few years, with more and more business customers becoming curious and increasingly knowledgeable about its potential applications.

“AI is a technology that has the potential to touch every corner and every function of the modern enterprise. That said, any implementations or integrations that aim to drive value come with serious financial and ethical considerations. These considerations should prompt organisations to scrutinise any initiative or investment. Axis’s new report not only shows how AI is transforming the video surveillance landscape, but also how that transformation should ideally be approached,” said Mats Thulin, Director AI & Analytics Solutions at Axis Communications.

According to the Axis report, the move by businesses from on-premise security server systems to hybrid cloud architectures continues at pace, driven by the need for faster processing, improved bandwidth usage and greater scalability. At the same time, cloud-based technology is being combined with edge AI solutions, which play a crucial role by enabling faster, local analytics with minimal latency, a prerequisite for real-time responsiveness in security-related situations.

By moving AI processing closer to the source using edge devices such as cameras, businesses can reduce bandwidth consumption and better support real-time applications like security monitoring. As a result, the hybrid approach is expected to continue to shape the role of AI in security and unlock new business intelligence and operational efficiencies.

A trend that is emerging among businesses is the integration of diverse data for a more comprehensive analysis, transforming safety and security. Experts predict that integrating additional sensory data, such as audio and contextual environmental factors caught on camera, can lead to enhanced situational awareness and greater actionable insights, offering a more comprehensive understanding of events.

Combining multiple data streams can ultimately lead to improved detection and prediction of potential threats or incidents. For example, in emergency scenarios, pairing visual data with audio analysis can enable security teams to respond more quickly and precisely. This context-aware approach can potentially elevate safety, security and operational efficiency, and reflects how system operators can leverage and process multiple data inputs to make better-informed decisions.

According to the Axis report, interviewees emphasised that responsible AI and ethical considerations are critical priorities in the development and deployment of new systems, raising concerns about decisions potentially based on biased or unreliable AI. Other risks highlighted include those related to privacy violations and how facial and behavioural recognition could have ethical and legal repercussions.

As a result, a recurring theme among interviewees was the importance of embedding responsible AI practices early in the development process. Interviewees also pointed to regulatory frameworks, such as the EU AI Act, as pivotal in shaping responsible use of technology, particularly in high-risk areas. While regulation was broadly acknowledged as necessary to build trust and accountability, several interviewees also stressed the need for balance to safeguard innovation and address privacy and data security concerns.

“The findings of this report reflect how enterprises are viewing the trend of AI holistically, working to have a firm grasp of both how to use the technology effectively and understand the macro implications of its usage. Conversations surrounding privacy and responsibility will continue but so will the pace of innovation and the adoption of technologies that advance the video surveillance industry and lead to new and exciting possibilities,” Thulin added.

Rising Cyber Insurance Pressures Push UAE Firms to Fix Identity Silos and AI Vulnerabilities
https://securityreviewmag.com/?p=28161
Mon, 05 May 2025 14:04:05 +0000

CyberArk has announced the release of the CyberArk 2025 Identity Security Landscape Report, a global survey revealing how organizations are inadvertently creating a new identity-centric attack surface through growing use of AI and cloud. The report shows that machine identities are mostly unknown and uncontrolled within organizations, while the primary roadblocks to Agentic AI adoption in the UAE involve security concerns around external manipulation and sensitive access, signposting the emergence of a new and potent identity security challenge.

“The race to embed AI into environments has inadvertently created a new set of identity security risks centered around the access of unmanaged and unsecured machine identities – and the privileged access of AI agents will represent an entirely new threat vector,” said Craig Harwood, Area VP for Africa and the Middle East at CyberArk. “For UAE organizations to stay resilient, CISOs and security leaders must modernize their identity security strategies to contend with a new and expanding attack surface characterized by the proliferation of identities with privileged access and made worse by damaging identity silos.”

‘Rise of the machines’ contributes to unsecured privilege sprawl: Machine identities, driven primarily by cloud and AI, now vastly outnumber human identities within organizations and nearly half have sensitive or privileged access. However, many enterprises leave both human and machine access to critical systems under-secured. There are 82 machine identities for every human in organizations worldwide.

In 92% of UAE organizations, the definition of a ‘privileged user’ applies solely to human identities – but 42% of machine identities have privileged or sensitive access. Fifty-two percent do not have identity security controls in place to secure cloud infrastructure and workloads. Fifty-four percent of UAE organizations experienced at least two successful identity-centric breaches in the past 12 months, ranging from supply chain attacks and compromised privileged access to identity and credential theft.

AI is everywhere and identity-centric agentic AI risk looms: Sanctioned and unsanctioned adoption of AI and large language models (LLMs) is simultaneously transforming organizations while amplifying cybersecurity risks. Concerns around the emergence of AI agents in the UAE and their privileged access underscore the urgency for targeted identity security investment. AI will drive the creation of the greatest number of new identities with privileged and sensitive access in 2025.

Only eighteen percent of UAE organizations have identity security controls for AI in place. Sixty percent cannot secure shadow AI usage in their organization. AI agent adoption roadblocks include manipulation and sensitive access concerns.

Complexity and identity silos are overwhelming security leaders and undermining business resilience: Fragmented identity security programs and poor environmental visibility are diminishing resilience in the face of evolving cybersecurity threats. Most organizations face increased privilege-related compliance pressure.

Seventy percent of UAE respondents say identity silos are a root cause of organizational cybersecurity risk. Sixty-eight percent of security professionals in the UAE agree that their organizations prioritize business efficiencies over robust cybersecurity. Human and machine identities – many of them with privileged access – are expected to double in 2025. Ninety percent of UAE organizations are under increased pressure from insurers mandating enhanced privilege controls.

CyberArk is also participating at GISEC Global 2025, taking place from 6–8 May at the Dubai World Trade Centre. The company will be present at the HELP AG stand, where it will host a dedicated pod showcasing its latest cybersecurity solutions and discuss the Identity Security Landscape report. Attendees will have the opportunity to engage directly with CyberArk’s leadership, including Craig Harwood, Vice President for Middle East and Africa, and Laurence Elbana, Director of Sales, who will be available throughout the event.

SoftServe Study: 58% of Leaders Report Companies Using Inaccurate Data for Big Decisions
https://securityreviewmag.com/?p=28052
Wed, 09 Apr 2025 08:35:33 +0000

SoftServe has released survey results on the state of data management in 2025, unveiling significant benefits of strong data foundations while exposing the widespread deficits in data maturity affecting most businesses. The majority of the 750 business leaders surveyed barely grasp the value of their data as 65% of all respondents believe no one at their organization understands all the data collected and how to access it. Further, 58% say key business decisions are based on inaccurate or inconsistent data – most of the time, if not always – raising concerns for companies across industries and borders.

This study, commissioned by SoftServe and conducted by Wakefield Research, assesses data readiness in enterprises by the degree of data quality, strategy, organization, investment, and governance implemented. Responses indicate a lack of knowledge in data management is coupled with an internal disconnect and noticeable divide between the C-suite, VPs, and senior management, putting entire organizations at odds when it comes to how data is used, acquired, and funded.

Key survey findings include:

  • Outdated or Misaligned Strategies: Many think it’s time to hit ‘refresh’ on their data strategy as 73% report major updates or a complete overhaul is needed, and nearly all (98%) believe an updated data strategy would be required for strategic initiatives like Gen AI.
  • Leadership Divide: While less visibility among leaders can lead to skewed perceptions of data comprehension, the division grows with 78% of VPs and 61% of directors — but just 44% of those at C-level — claiming their organization’s investment priorities are negatively impacted by leaders not fully understanding how data can generate value.
  • Data on Demand: For 60%, decision-makers getting access to data when they need it is a challenge – and one that may not be an easy fix, as the majority (51%) of the 58% whose organization makes most or all decisions using inaccurate or inconsistent data now believe a significant increase in data management investment is needed to meet their goals.
  • Misallocated Investments: Nearly three-fourths (73%) believe poor prioritization has diverted needed funds and talent away from valuable data projects to broad Gen AI initiatives with weaker ROI.

All deficits aside, the survey results include a silver lining: strong data management has allowed organizations to open new revenue streams (44%) or monetize their data (38%) with the right infrastructure and governance to transform information into a vital source of income. Organizations also attributed increases in productivity and efficiency (54%), as well as improved decision-making and forecasting abilities (49%), to having strong data foundations. Most respondents hope to follow suit this year as the bulk (85%) prepare to slightly or significantly increase their data budget and nearly half (42%) of those with a fully mature data strategy expect to significantly increase their overall data investments.

“An impactful data strategy is not about perfection, but prioritization,” said Rodion Myronov, AVP of Technology at SoftServe. “It’s about gaining maturity where it matters most for your business by prioritizing the missing piece of the whole data puzzle, not tossing it aside for the next shiny new toy. Establishing a mature data strategy helps reinforce organizational foundations, so you can pursue bigger and better puzzles and projects in the future.”

Survey respondents included 750 business or technology leaders responsible for data management or AI use at global companies spanning eight countries and eight industries with $1 billion or more in annual revenue.

Gartner Forecasts Spending on Information Security in MENA to Grow 14% in 2025
https://securityreviewmag.com/?p=28045
Tue, 08 Apr 2025 15:58:50 +0000

Information security spending by Middle East and North Africa (MENA) enterprises is projected to total $3.3 billion in 2025, an increase of 14% from 2024, according to the latest forecast from Gartner, Inc. Security software will remain the largest spending category in MENA, forecast to reach nearly $1.5 billion in 2025.

“Enhancing cyber resilience, regulatory compliance, and securing digital transformation are pivotal drivers prompting MENA chief information security officers (CISOs) to boost their security investments in 2025,” said Shailendra Upadhyay, Sr Principal at Gartner.

“As enterprises in the MENA region drive digital transformation and integrate AI, they must focus on the cybersecurity threat landscape, protect critical infrastructure, and address insider threats to fortify their systems and enhance resilience against cyber threats.”

Gartner analysts are exploring ways in which security and risk management leaders can enhance their cybersecurity strategies at the Gartner Security & Risk Management Summit, taking place here through today. Spending on security services is projected to grow 16.6% in 2025, representing the highest growth among all segments, driven by factors such as cost efficiency, skill shortages, and access to advanced tools and technology (see Table 1).

“The challenge of sourcing staff with specialized skills for threat hunting and intelligence in advanced security operations is considerable,” said Upadhyay. “Managed services – a subset of security services, including managed detection and response (MDR) – offer solutions to bridge this skill gap. As a result, organizations are investing more in security services, driving growth in this segment.”

Security software spending is projected to account for nearly 45% of total information security spending in MENA, maintaining its position as the largest category for end-user spending in 2025, driven by an expanding threat landscape and increased adoption of cloud technologies.

“MENA CIOs are boosting their investments in the integrated capabilities of generative AI (GenAI) applications, cloud services, and cybersecurity software to securely accelerate innovation for competitive differentiation, thereby intensifying their focus and spending on sub-segments, such as infrastructure protection, identity access management, and cloud security,” said Upadhyay.

“As AI becomes integral to mainstream operations, organizations must acknowledge both the opportunities for enhanced resilience and the potential threats,” said Sam Olyaei, Vice President at Gartner. “Gartner predicts that by 2027, 60% of organizations will fail to embrace organizational resilience principles, leaving them vulnerable to global technology threats. Therefore, CISOs in the region should proactively prepare for complex cyberthreats by taking a collaborative approach to resilience planning.”

To deliver a sustainable cybersecurity program, security leaders in MENA must prioritize two key cybersecurity trends:

Trend 1: GenAI is Driving Data Security Programs
The rise of GenAI is shifting focus to unstructured data security and preference for synthetic data over obfuscated data in training. Gartner recommends that organizations invest in synthetic data generation tools to replace traditional anonymization, effectively mitigating privacy risks and ensuring compliance.

“Security leaders must leverage technologies such as data security posture management (DSPM) to catalog, monitor, and govern both structured and unstructured data,” said Olyaei. “Reallocating resources and budgets to fortify data security across all forms of unstructured data is crucial, as these elements are becoming increasingly valuable in GenAI applications.”

Trend 2: Extend the Value of Security Behavior and Culture Programs
Security behavior and culture programs (SBCPs) have reached a point of inflection for most organizations. By focusing on cultural and behavior-driven activities, organizations are embedding security into their culture, addressing cyber-risk awareness and responsibility at the human level.

This trend is gaining traction as organizations increasingly recognize that human behavior is crucial to cybersecurity, with GenAI significantly influencing this shift. Gartner predicts that by 2026, enterprises that integrate GenAI with a platforms-based architecture in their SBCPs will experience 40% fewer employee-driven cybersecurity incidents.

“Well-designed SBCPs enhance employee engagement and satisfaction by actively involving them in their organization’s security initiatives,” said Olyaei. “These programs not only ensure compliance with global regulations mandating employee training and awareness but also cultivate a resilient security culture that can adapt to future regulatory changes.”

Trade Surveillance Systems Spend to Reach $4.9 Billion by 2029
https://securityreviewmag.com/?p=28009
Mon, 31 Mar 2025 08:08:16 +0000

A new study from Juniper Research, the foremost experts in fintech and payment markets, has found spend on third-party trade surveillance systems will grow by 82% globally by 2029, from $2.7 billion in 2025. Trade surveillance systems are deployed to capture and analyse trade data to identify and flag potential instances of market abuse, such as insider trading or creating false impressions of supply and demand in financial markets.

Juniper Research anticipates this growth will be driven by an acceleration in the adoption of trade surveillance tools. Tightening regulations require financial firms to capture a wider scope of trade data and pre-emptively prevent illegal trading activities. The study emphasised the need for accurate and complete data integration, which is crucial for understanding the context behind trades.

Juniper Research urges stakeholders to shift to preventing illegal trading activity rather than reacting to it. Trade surveillance systems must have greater access to data from employee communications channels and external news sources, helping AI more accurately detect patterns of abnormal trading behaviour.

Research Author Daniel Bedford explained, “To capitalise on a shifting regulatory environment, we urge vendors to leverage AI at the core of their operations. Vendors who fail to implement robust, proactive AI models will lose out to more agile competitors.”

The research also identified communication monitoring tools as vital to vendor success, as integrating pattern detection tools allows firms to detect subtle signs of market manipulation which go unnoticed when analysing trade data alone. Surveillance vendors must prioritise fostering partnerships with a wide range of news outlets, trading exchanges, and messaging providers to boost prevention performance.

Sophos Study: MDR Users Claim 97.5% Less in Cyber Insurance
https://securityreviewmag.com/?p=27934
Tue, 18 Mar 2025 06:56:54 +0000

Leading cybersecurity provider Sophos has released findings from a new study quantifying the financial impact of various cybersecurity controls on cyber insurance claims. The research compares the effect of endpoint solutions, EDR/XDR technologies, and MDR services on claim amounts, offering valuable insights for both insurers and organizations.

Sally Adam, Senior Director, Solution Marketing at Sophos, said, “Every year, organisations spend huge amounts of money on their cybersecurity. By quantifying the impact of controls on the outcome of cyberattacks, this study enables them to focus their investments on the most cost-effective options. At the same time, insurers have a major influence on cybersecurity spending through the controls they require of organisations wishing to be covered and the discounts they offer when a given scheme is in place. This study enables them to encourage investments that can make a real difference to incident outcomes and the resulting claim amounts.”

The Sophos study reveals a dramatic difference in cyber insurance claims: organizations using MDR services claim a median compensation of just $75,000, a staggering 97.5% less than the $3 million median claimed by organizations relying solely on endpoint solutions. This means that endpoint-only users typically claim 40 times more in the event of an attack. The study attributes this significant reduction to the rapid threat detection and blocking capabilities of MDR services, which can effectively prevent extensive damage.

The study also highlights a clear benefit to combining EDR or XDR with endpoint solutions, as the average insurance claim for users of these tools is just $500,000, which is one-sixth of the $3 million average claim for those using only endpoint solutions.

The Sophos study indicates that the predictability of cyber insurance claims varies significantly depending on the security controls in place. Claims from organizations utilizing MDR services show the highest predictability, suggesting consistent and reliable threat mitigation. This is likely due to the 24/7 expert monitoring, investigation, and response that allows for swift action against threats at any time. Conversely, claims from users of EDR/XDR tools are the least predictable, implying that their effectiveness in preventing major damage heavily depends on the user’s expertise and speed of response.

The Sophos study also reveals significant differences in recovery times from ransomware attacks. Endpoint solution users average a 40-day recovery, while EDR/XDR users take the longest at 55 days. In stark contrast, organizations using MDR services recover the fastest, with an average downtime of just three days. These findings underscore MDR’s effectiveness in minimizing the impact of cyberattacks and highlight the less predictable recovery experiences associated with EDR/XDR tools, whose success is dependent on user expertise.

Adam concludes, “The research confirms what many people instinctively know: the type of security solution used has a significant impact on cyber insurance claims. Cyberattacks are inevitable, but defences are not. These results are a useful tool for organisations wishing to optimise their cyber defence and their return on investment in cybersecurity. They will also be useful for insurers looking to reduce their exposure and offer suitable policies to their customers.”

Group-IB Outs High-Tech Crime Trends Report 2025 for META
https://securityreviewmag.com/?p=27918
Thu, 13 Mar 2025 10:35:51 +0000

State-sponsored cyber threats, including Advanced Persistent Attacks (APTs) and hacktivism, saw a sharp rise in the Middle East during 2024, with GCC countries identified as primary targets. These cyberattacks, largely driven by geopolitical tensions, are highlighted in Group-IB’s High-Tech Crime Trends Report 2025.

The report offers a detailed analysis of the interconnected nature of cybercrime and the shifting threat landscape in the Middle East and Africa. It provides actionable insights for businesses, cybersecurity professionals, and law enforcement to strengthen their defense strategies. While APTs in the Middle East saw a 4.27% rise compared to a global surge of 58%, a significant 27.5% of these state-backed espionage threats specifically targeted GCC nations, underlining the region’s vulnerability.

Commenting on the release of the report, Ashraf Koheil, Regional Sales Director MEA at Group-IB, said: “Our report captures the dynamic and complex nature of cyber threats faced by the Middle East today. It shows that cybercrime is not a collection of isolated incidents, but an evolving ecosystem where one attack fuels the next. From sophisticated state-sponsored attacks to rapidly evolving hacktivism and phishing campaigns, the insights presented in this report are essential for organizations seeking to strengthen their cybersecurity defenses.”

GCC nations remained prime targets for cyberattacks in 2024 due to their strategic economic and political significance. Other notable targets included Egypt (13.2%) and Turkey (9.9%), reflecting their geopolitical roles, while countries such as Jordan (7.7%), Iraq (6.6%), Nigeria, South Africa, Morocco, and Ethiopia also faced rising threats.

The Middle East and Africa (MEA) ranked third globally for hacktivist attacks, accounting for 16.54% of incidents, trailing Europe (35.98%) and Asia-Pacific (39.19%). Key industries affected included government and military sectors (22.1%), financial services (10.9%), education (8%), and media and entertainment (5.2%), with attacks often targeting critical infrastructure and essential services. These assaults were largely fueled by geopolitical tensions, serving as tools for ideological expression or political retaliation.

The report also highlighted persistent cybersecurity challenges in the MEA region, such as phishing and data breaches. With rapid digital transformation, the region has become a prime target for sophisticated scams, particularly in the energy, oil and gas (24.9%) and financial services (20.2%) sectors, driven by economic motives. Phishing attacks continue to be a major threat, heavily affecting internet services (32.8%), telecommunications (20.7%), and financial services (18.8%) in the META region.

“We must embrace a collective defense strategy that unites financial institutions, telecommunications providers, and law enforcement agencies. By sharing intelligence, coordinating proactive security measures, and executing joint actions, we can disrupt fraudulent activities before they cause harm. This collaborative approach not only enhances our ability to detect and prevent fraud but also strengthens the resilience of our critical infrastructure, protects our national security,” added Ashraf Koheil.

The report revealed that ransomware attacks in the MEA region remained relatively low, with only 184 incidents, marking the lowest globally. However, significant concerns persist regarding Initial Access Brokers (IABs) and the vulnerabilities they exploit. In 2024, IAB activity was notable, with GCC nations (23.2%) and Turkey (20.5%) as the most targeted areas. Egypt reported the highest number of compromised hosts (88,951), followed by Turkey (79,789) and Algeria (49,173), highlighting substantial cybersecurity gaps.

Stolen credentials and sensitive corporate information sold on the dark web have become critical entry points for cybercriminals, including ransomware operators and state-sponsored attackers. The report disclosed over 6.5 billion leaked data entries, with nearly 2.5 billion unique email addresses and 3.3 billion leaked entries containing phone numbers (631 million unique). Additionally, 460 million passwords were exposed globally in 2024, 162 million of which were unique. This surge in leaked data fuels the dark web economy and heightens risks for organizations and individuals worldwide.

Dmitry Volkov, CEO of Group-IB, said, “Group-IB played an intensified role in its global fight against cybercrime and contributed to eight major law enforcement operations across 60+ countries, leading to 1,221 cybercriminal arrests and the dismantling of over 207,000 malicious infrastructures. These efforts disrupted large-scale cybercriminal networks, highlighting the critical role of collaboration between private cybersecurity firms and international law enforcement.”

The report highlighted that threat actors utilized advanced tactics, techniques, and procedures (TTPs) like social engineering, ransomware, and credential theft. Emerging methods, including the Extended Attributes Attack, the Facial-Recognition Trojan (GoldPickaxe.iOS), and the ClickFix infection chain, illustrate the growing complexity and sophistication of cyber threats in the region.

89% of Companies Update AI Data Strategies, But Gaps Remain
https://securityreviewmag.com/?p=27906
Wed, 12 Mar 2025 15:03:18 +0000

Qlik has announced findings from an IDC survey exploring the challenges and opportunities in adopting advanced AI technologies. The study highlights a significant gap between ambition and execution: while 89% of organizations have revamped data strategies to embrace Generative AI, only 26% have deployed solutions at scale. These results underscore the urgent need for improved data governance, scalable infrastructure, and analytics readiness to fully unlock AI’s transformative potential.

The findings, published in an IDC InfoBrief sponsored by Qlik, arrive as businesses worldwide race to embed AI into workflows, with AI projected to contribute $19.9 trillion to the global economy by 2030. Yet, readiness gaps threaten to derail progress. Organizations are shifting their focus from AI models to building the foundational data ecosystems necessary for long-term success.

Stewart Bond, Research VP for Data Integration and Intelligence at IDC, emphasised, “Generative AI has sparked widespread excitement, but our findings reveal a significant readiness gap. Businesses must address core challenges like data accuracy and governance to ensure AI workflows deliver sustainable, scalable value.” Without addressing these foundational issues, businesses risk falling into an “AI scramble,” where ambition outpaces the ability to execute effectively, leaving potential value unrealized.

“AI’s potential hinges on how effectively organizations manage and integrate their AI value chain,” said James Fisher, Chief Strategy Officer at Qlik. “This research highlights a sharp divide between ambition and execution. Businesses that fail to build systems for delivering trusted, actionable insights will quickly fall behind competitors moving to scalable AI-driven innovation.”

The IDC survey uncovered several critical statistics illustrating the promise and challenges of AI adoption:

  • Agentic AI Adoption vs. Readiness: 80% of organizations are investing in Agentic AI workflows, yet only 12% feel confident their infrastructure can support autonomous decision-making.
  • “Data as a Product” Momentum: Organizations proficient in treating data as a product are 7x more likely to deploy Generative AI solutions at scale, emphasizing the transformative potential of curated and accountable data ecosystems.
  • Embedded Analytics on the Rise: 94% of organizations are embedding or planning to embed analytics into enterprise applications, yet only 23% have achieved integration into most of their enterprise applications.
  • Generative AI’s Strategic Influence: 89% of organizations have revamped their data strategies in response to Generative AI, demonstrating its transformative impact.
  • AI Readiness Bottleneck: Despite 73% of organizations integrating Generative AI into analytics solutions, only 29% have fully deployed these capabilities.

These findings stress the urgency for companies to bridge the gap between ambition and execution, with a clear focus on governance, infrastructure, and leveraging data as a strategic asset.

The IDC survey findings highlight an urgent need for businesses to move beyond experimentation and address the foundational gaps in AI readiness. By focusing on governance, infrastructure, and data integration, organizations can realize the full potential of AI technologies and drive long-term success.

ICS/OT Cybersecurity Budgets Lag as Attacks Surge, Exposing Critical Infrastructure Risks
https://securityreviewmag.com/?p=27903 Wed, 12 Mar 2025 14:19:07 +0000

SANS Institute in partnership with OPSWAT has announced the findings of the 2025 ICS/OT Cybersecurity Budget Report, revealing significant gaps in cybersecurity budgets and a surge in ICS/OT-focused attacks. The report highlights how insufficient funding, misaligned priorities, and fragmented defenses are leaving critical infrastructure exposed to increasingly sophisticated threats.

While 55% of organizations reported increased ICS/OT cybersecurity budgets over the past two years, much of that investment remains heavily skewed toward technology, with limited focus on operational resilience. This imbalance, combined with the convergence of IT and OT environments, creates new vulnerabilities adversaries are exploiting at an alarming rate.

Key Findings from the report:

  • Critical Infrastructure Under Attack: Over the past year, more than 50% of organizations experienced at least one security incident involving ICS/OT systems. Among the top vulnerabilities exploited were internet-accessible devices (33%) and transient devices (27%), often used to bypass traditional defenses.
  • Budget Gaps Leave ICS/OT at Risk: Despite growing recognition of OT cybersecurity as a priority, only 27% of organizations place budgetary control under CISOs or CSOs. Without dedicated leadership, budget allocation often overlooks critical ICS/OT-specific needs, exposing infrastructure to evolving threats.
  • IT as a Primary Attack Vector: The report identifies IT compromises as the most common entry point, responsible for 58% of ICS/OT incidents. This highlights the urgent need for integrated security strategies that address cross-domain vulnerabilities.
  • Insufficient Budgets for ICS/OT Security: Many organizations continue to underfund ICS/OT-specific protections. Less than half allocate only 25% of their cybersecurity budgets to safeguarding critical infrastructure, leaving systems exposed to attacks.

The 2025 ICS/OT Cybersecurity Budget Report stresses the need for organizations to rethink their cybersecurity strategies:

  • Allocating proper budgets to ICS/OT defenses: devices and endpoints
  • Strengthening defenses against cross-domain attacks
  • Ensuring cybersecurity leadership oversees budget decisions to align spending with operational risk

Dean Parsons, Principal Instructor and CEO and Principal Consultant of ICS Defense Force, stated, “The evolving threat landscape in ICS/OT demands more than just deploying the five ICS Cybersecurity critical controls. Effective critical infrastructure defense requires a strategic investment in ICS/OT-specific security training, ensuring that those responsible for monitoring ICS controls have a deep understanding of control system networks. One of the most concerning findings in the report is that while cybersecurity budgets have increased, much of the investment remains focused only on traditional business support systems such as IT, leaving ICS/OT environments, the business itself, dangerously under-protected. After all, in an ICS organization, the ICS is the business. Organizations that fail to reevaluate their threats to their ICS environments leave critical infrastructure vulnerable to increasingly sophisticated attacks. Protecting these engineering systems isn’t optional—it’s essential for operational resilience and national security.”

CrowdStrike Reports 150% Surge in China’s Cyber Espionage Activities
https://securityreviewmag.com/?p=27855 Wed, 05 Mar 2025 10:22:12 +0000

CrowdStrike has released its 2025 Global Threat Report, exposing the growing aggression of China’s cyber operations, a surge in GenAI-powered social engineering and nation-state vulnerability research and exploitation, and a sharp increase in malware-free, identity-based attacks. The report reveals that China-nexus adversaries escalated state-sponsored cyber operations by 150%, with targeted attacks in financial services, media, manufacturing and industrial sectors soaring up to 300%.

At the same time, adversaries worldwide are weaponizing AI-generated deception, exploiting stolen credentials and increasingly executing cross-domain attacks—exploiting gaps across endpoint, cloud and identity—to bypass security controls and operate undetected in the shadows. The shift to malware-free intrusions that exploit trusted access, combined with record-shattering breakout times, leaves defenders little room for error. To stop modern attacks, security teams need to eliminate visibility gaps, detect adversary movement in real-time and stop attacks before they escalate—because once they’re inside, it’s already too late.

Tracking more than 250 named adversaries and 140 emerging activity clusters, CrowdStrike’s latest research reveals:

  • China’s Cyber Espionage Grows More Aggressive: CrowdStrike identified seven new China-nexus adversaries in 2024, fueling a 150% surge in espionage attacks, with critical industries seeing up to a 300% spike in targeted attacks.
  • GenAI Supercharges Social Engineering: AI-driven phishing and impersonation tactics fueled a 442% increase in voice phishing (vishing) between H1 and H2 2024. Sophisticated eCrime groups like CURLY SPIDER, CHATTY SPIDER and PLUMP SPIDER leveraged social engineering to steal credentials, establish remote sessions and evade detection.
  • Iran Utilizes GenAI for Vulnerability Research and Exploitation: In 2024, Iran-nexus actors increasingly explored GenAI for vulnerability research, exploit development and patching domestic networks, aligning with government-led AI initiatives.
  • From Breaking In to Logging In – Surge in Malware-Free Attacks: 79% of attacks to gain initial access are now malware-free while access broker advertisements surged 50% YoY. Adversaries exploited compromised credentials to infiltrate systems as legitimate users, moving laterally undetected with hands-on keyboard activities.
  • Insider Threats Continue to Rise: DPRK-nexus adversary FAMOUS CHOLLIMA was behind 304 incidents uncovered in 2024. 40% involved insider threat operations, with adversaries operating under the guise of legitimate employment to gain system access and carry out malicious activity.
  • Breakout Time Hits Record Speed: The average eCrime breakout time dropped to 48 minutes, with the fastest recorded at 51 seconds—leaving defenders little time to react.
  • Cloud Environments Under Siege: New and unattributed cloud intrusions increased by 26% YoY. Valid account abuse is the primary initial access tactic, accounting for 35% of cloud incidents in H1 2024.
  • Unpatched Vulnerabilities Remain a Key Target: 52% of vulnerabilities observed were related to initial access, reinforcing the critical need to secure entry points before adversaries establish persistence.

“China’s increasingly aggressive cyber espionage, combined with the rapid weaponization of AI-powered deception, is forcing organizations to rethink their approach to security,” said Adam Meyers, head of counter adversary operations at CrowdStrike. “Adversaries exploit identity gaps, leverage social engineering and move across domains undetected—rendering legacy defenses ineffective. Stopping breaches requires a unified platform powered by real-time intelligence and threat hunting, correlating identity, cloud and endpoint activity to eliminate the blind spots where adversaries hide.”
