The growing impact of cyberterrorism across the Middle East represents not only a security concern but also a tangible risk to the economic and political stability of a country. This analysis highlights the key regional vulnerabilities, the legislative responses adopted and the strategies needed to build a more sustainable digital resilience.
Introduction
In recent years, the Middle East has emerged as one of the main arenas for the expansion of cyber threats. To counter cybercrimes, such as malware attacks, online fraud and digital harassment, Arab countries have been investing substantial resources in cybersecurity infrastructure and defense mechanisms. The main goal is to create a safe and reliable digital environment capable of fostering empowerment, economic growth and efficiency. Among the most targeted nations, the United Arab Emirates and Saudi Arabia have faced a surge in ransomware attacks, underscoring the Region’s growing exposure to sophisticated cyber risks.
How Cyberterrorism affects the Middle East
Across the Region, one of the most common methods of cyberattack involves the use of malicious software. The most widespread form is the Remote Access Trojan (RAT), followed by advanced spyware variants. In other cases, though less frequent, attackers have deployed ransomware. Modern RAT versions can disguise themselves as legitimate applications, effectively bypassing antivirus detection systems and remaining undetected on devices for extended periods. Government institutions, manufacturing firms and telecommunications companies are among the most frequent victims of ransomware attacks. For example, the Emirati telecommunications company Etisalat was targeted by the LockBit ransomware, resulting in the theft and subsequent sale of company files on a hacker marketplace.
Other prevalent techniques include phishing campaigns and the use of artificial intelligence-based machine learning to generate malicious content. The rapid development of AI tools has enabled hacker groups to intensify phishing attacks targeting Israeli municipalities, airline companies, travel agencies and media. Such attacks often lead to the leakage of sensitive data. A notable case is that of Lulu Hypermarket, one of the UAE’s largest retail chains, which suffered a data breach exposing over 200,000 customer records containing personal information. These data leaks have provided cybercriminals with new opportunities to target individuals through traditional data-theft malware, such as spyware, Remote Access Trojans and banking Trojans. Moreover, investigations in Jordan revealed the circulation of the Pegasus spyware, a highly invasive surveillance tool capable of secretly activating microphones and cameras and accessing users’ data, posing severe risks to personal privacy and digital security.
Economic and political consequences of Cyberterrorism
Cyberattacks have significant negative effects on national economies, including direct financial losses, reduced productivity, disrupted financial systems and reputational damage at the international level. Moreover, the theft of sensitive information can undermine a country’s economic competitiveness by granting strategic advantages to rival actors. All these examples illustrate how large-scale cyber incidents can severely affect a nation’s ability to attract foreign investment and may even trigger full-fledged economic crises.
Beyond the economic dimension, cyberterrorism also poses serious political risks. It can disrupt elections, facilitate propaganda campaigns, spread disinformation and expose State secrets. Cyberattacks targeting electoral systems, for instance, have the potential to sabotage voting processes and erode public confidence in government institutions. When the attackers aim to disrupt elections, they may design intrusions that compromise voting infrastructure, effectively preventing citizens from exercising their right to vote. Equally concerning is the use of the internet and social media platforms by terrorist groups to amplify propaganda, sow political instability and delegitimize governments. The Middle East and North Africa have already witnessed how digital manipulation can influence political dynamics. During the Arab Spring, experts observed that the combination of social media mobilization and cyberattacks targeting critical infrastructure contributed to escalating unrest and accelerating regime change across several countries in the Region.
Legislative solutions to Cyberterrorism
When addressing the issue of cyberterrorism, it is essential to consider the legislative measures that State have already implemented. Legal frameworks represent one of the most effective tools to counter cyber threats. However, their effectiveness varies across countries, reflecting distinct political priorities and administrative capacities.
The United Arab Emirates has enacted several laws to combat cybercrime and strengthen cybersecurity. Among them, Federal Decree Law No. 34 of 2021 on Combating Rumors and Cybercrimes plays a central role. This law includes provisions for protecting government websites and databases, countering misinformation and fake news and imposing penalties, ranging from fines to imprisonment, for individuals involved in cyber offenses.
In Saudi Arabia, the Anti-Cybercrimes Law, established under Royal Decree No. M/17, aims to enhance information security and safeguard individual rights in the legitimate use of digital technologies.
Bahrein adopted the Personal Data Protection Law (Law No. 30 of 2018), which governs the processing of personal data by public and private entities. It sets out regulations for the collection, use and disclosure of data to ensure privacy protection. To oversee compliance, the law established the National Data Protection Authority, responsible for monitoring and enforcing proper data governance.
In Qatar, Law No. 14 of 2014 on Promulgating the Cybercrime Prevention Law defines a wide range of offenses, from hacking and cyberstalking to identity theft and obliges internet service providers to implement preventive measures against the spread of cybercrime. The law also prescribes strict penalties for offenses committed through the Internet, IT networks or computer systems.
Operational solutions against Cyberterrorism
According to global intelligence assessments and cybersecurity industry reports, cyberattacks are expected to rise significantly in the coming years, particularly due to the growing role of artificial intelligence in offensive operations. This scenario calls for both governments and the private sector to intensify efforts through the following key measures:
Investments in cybersecurity infrastructure: countries should keep prioritizing investments in robust digital defense systems, including firewalls, encryption protocols, endpoint protection and real-time monitoring tools. Governments must continue to enforce security standards across all sectors to ensure an uniform level of resilience.
Strengthening the human element: governments and academic institutions should expand scholarship programs and create specialized training initiatives aimed at developing a highly skilled cybersecurity workforce. Human capital remains a critical pillar in countering sophisticated digital threats.
Supply chain monitoring: Given that many institutions rely on third-party vendors, it is important to implement strict oversight and monitoring mechanisms to prevent the infiltration of vulnerabilities through indirect channels.
Regional and public-private cooperation: since cyber threats transcend borders, enhanced regional collaboration is essential. Nations should strengthen information sharing, coordinate emergency responses and align legislative frameworks on cybersecurity. Public-private partnerships are equally vital to fostering innovation and resilience. Moreover, the Gulf Cooperation Council (GCC) with the GCC Cyber Security Framework established a regional collaboration regarding the informatics security which promotes joint exercises, information exchange and capacity-building initiative.
