“The race to embed AI into environments has inadvertently created a new set of identity security risks centered around the access of unmanaged and unsecured machine identities – and the privileged access of AI agents will represent an entirely new threat vector,” said Craig Harwood, Area VP for Africa and the Middle East at CyberArk. “For UAE organizations to stay resilient, CISOs and security leaders must modernize their identity security strategies to contend with a new and expanding attack surface characterized by the proliferation of identities with privileged access and made worse by damaging identity silos.”

‘Rise of the machines’ contributes to unsecured privilege sprawl: Machine identities, driven primarily by cloud and AI, now vastly outnumber human identities within organizations and nearly half have sensitive or privileged access. However, many enterprises leave both human and machine access to critical systems under-secured. There are 82 machine identities for every human in organizations worldwide.

In 92% of UAE organizations, the definition of a ‘privileged user’ applies solely to human identities – but 42% of machine identities have privileged or sensitive access. Fifty two percent do not have identity security controls in place to secure cloud infrastructure and workloads. Fifty four percent of UAE organizations experienced at least two successful identity-centric breaches in the past 12 months, ranging from supply chain attacks and compromised privileged access to identity and credential theft.

AI is everywhere and identity-centric agentic AI risk looms: Sanctioned and unsanctioned adoption of AI and large language models (LLMs) is simultaneously transforming organizations while amplifying cybersecurity risks. Concerns around the emergence of AI agents in the UAE and their privileged access underscores the urgency for targeted identity security investment. AI will drive the creation of the greatest number of new identities with privileged and sensitive access in 2025.

Only eighteen percent of UAE organizations have identity security controls for AI in place. Sixty percent cannot secure shadow AI usage in their organization. AI agent adoption roadblocks include manipulation and sensitive access concerns. Complexity and identity silos are overwhelming security leaders and undermining business resilience: Fragmented identity security programs and poor environmental visibility are diminishing resilience in the face of evolving cybersecurity threats. Most organizations face increased privilege-related compliance pressure.

Seventy percent of UAE respondents say identity silos are a root cause of organizational cybersecurity risk. Sixty eight percent of security professionals in the UAE agree that their organizations prioritize business efficiencies over robust cybersecurity. Human and machine identities – many of them with privileged access – are expected to double in 2025. Ninety percent of UAE organizations are under increased pressure from insurers mandating enhanced privilege controls.

CyberArk is also participating at GISEC Global 2025, taking place from 6–8 May at the Dubai World Trade Centre. The company will be present at the HELP AG stand, where it will host a dedicated pod showcasing its latest cybersecurity solutions and discuss the Identity Security Landscape report. Attendees will have the opportunity to engage directly with CyberArk’s leadership, including Craig Harwood, Vice President for Middle East and Africa, and Laurence Elbana, Director of Sales, who will be available throughout the event.

Sally Adam, Senior Director, Solution Marketing at Sophos, said, “Every year, organisations spend huge amounts of money on their cybersecurity. By quantifying the impact of controls on the outcome of cyberattacks, this study enables them to focus their investments on the most cost-effective options. At the same time, insurers have a major influence on cybersecurity spending through the controls they require of organisations wishing to be covered and the discounts they offer when a given scheme is in place. This study enables them to encourage investments that can make a real difference to incident outcomes and the resulting claim amounts.”

The Sophos study reveals a dramatic difference in cyber insurance claims: organizations using MDR services claim a median compensation of just $75,000, a staggering 97.5% less than the $3 million median claimed by organizations relying solely on endpoint solutions. This means that endpoint-only users typically claim 40 times more in the event of an attack. The study attributes this significant reduction to the rapid threat detection and blocking capabilities of MDR services, which can effectively prevent extensive damage.

The study also highlights a clear benefit to combining EDR or XDR with endpoint solutions, as the average insurance claim for users of these tools is just $500,000, which is one-sixth of the $3 million average claim for those using only endpoint solutions.

The Sophos study indicates that the predictability of cyber insurance claims varies significantly depending on the security controls in place. Claims from organizations utilizing MDR services show the highest predictability, suggesting consistent and reliable threat mitigation. This is likely due to the 24/7 expert monitoring, investigation, and response that allows for swift action against threats at any time. Conversely, claims from users of EDR/XDR tools are the least predictable, implying that their effectiveness in preventing major damage heavily depends on the user’s expertise and speed of response.

The Sophos study also reveals significant differences in recovery times from ransomware attacks. Endpoint solution users average a 40-day recovery, while EDR/XDR users take the longest at 55 days. In stark contrast, organizations using MDR services recover the fastest, with an average downtime of just three days. These findings underscore MDR’s effectiveness in minimizing the impact of cyberattacks and highlight the less predictable recovery experiences associated with EDR/XDR tools, whose success is dependent on user expertise.

Adam concludes, “The research confirms what many people instinctively know: the type of security solution used has a significant impact on cyber insurance claims. Cyberattacks are inevitable, but defences are not. These results are a useful tool for organisations wishing to optimise their cyber defence and their return on investment in cybersecurity. They will also be useful for insurers looking to reduce their exposure and offer suitable policies to their customers.”