How Middle East Enterprises Can Stay Ahead of AI-Driven Cyber Threats in 2026

As organisations across the Middle East accelerate cloud adoption, experiment with generative AI and expand their digital ecosystems, the region’s threat landscape is shifting faster than ever. Attackers are moving with new levels of speed and precision, blending automation, identity abuse and highly personalised deception to target businesses at scale. With UAE enterprises now experiencing nearly 2,000 attempted attacks every week, security leaders are under pressure to rethink how they operate, protect data and build resilience for the next wave of risks.

In this Q&A, Ram Narayanan, Country Manager for the Middle East at Check Point Software Technologies, breaks down what 2026 will demand from CISOs—from AI-driven intrusions and cloud-SaaS blind spots to OT convergence, regulatory accountability and the future of prevention-first security operations.

Threat landscape 2026: What do you see as the three most serious cyber threats that enterprises will be dealing with in 2026, and how are you re-shaping your roadmap to respond to them?

Check Point sees 2026 as a year where threats become faster, more adaptive and far more personal. The first major shift is the rise of AI-driven intrusions, where attackers use autonomous tools to probe systems, imitate users and build tailored campaigns at machine speed, as highlighted in Check Point’s executive outlook for 2026. The UAE is already seeing this shift, with organisations facing around 1864 attempted attacks per week over the last six months, driven by automated probing, credential theft and targeted exploitation of exposed services. What will change next year is not the volume of attacks, but the heightened intelligence driving them. Deepfakes, AI-generated conversations, cloned voices and highly personalized deception techniques will make it increasingly difficult for teams to distinguish legitimate interactions from fabricated ones. At the same time, a large portion of intrusions will originate from the edges of the network — routers, cameras and IoT devices that often sit outside traditional monitoring. And while ransomware will remain a major concern, its nature will keep evolving toward extortion through stolen data rather than encrypted systems.

For UAE organisations, this means the threat landscape is no longer defined only by malware, but by manipulation, identity abuse and silent footholds. Check Point’s focus in 2026, through its AI-powered Infinity platform, is to help organisations catch these signals early and prevent attacks before harm occurs, in line with its prevention-first strategy.

AI and agentic security: By 2026, how do you expect AI-driven and “agentic” security operations to change the way SOCs work day-to-day? Where do you draw the line between automation and human decision-making?

AI is moving from an analytical tool to an operational partner. In 2026, security teams will work alongside systems that can analyse vast amounts of data, recognise intent and carry out defined actions within seconds. The aim is not to replace analysts but to relieve them from repetitive work so they can focus on decisions that require context and judgment. 

Agentic AI will play a major role here and Check Point has already strengthened its capabilities through the integration of technologies such as Lakera, which enhance model protection, adversarial testing and AI-safety controls. This investment ensures that as SOCs lean on automation, the underlying models remain trustworthy and resilient against manipulation.

In practice, AI will enable SOC teams to uncover connections they would otherwise miss, reduce alert fatigue and give them a clearer, more real-time understanding of what matters. But even in 2026, human oversight will remain essential. Automation provides speed; humans provide accountability.

Cloud, SaaS and identity: As identity and SaaS compromise continue to rise, what will “good security” look like for cloud-first organisations in 2026?

In 2026, cloud security will be less about securing individual environments and more about understanding the relationships between users, SaaS platforms, APIs and automated workflows. As UAE organisations adopt more cloud-first operations, attacks increasingly exploit gaps between these systems — an overlooked integration, an over-privileged identity, or a misconfigured third-party connection. The most important step organisations can take is to gain visibility across the full cloud ecosystem and verify that access patterns make sense. This includes being able to spot unusual movements between services, understanding which identities have genuine business purpose and ensuring that AI-driven systems are not making decisions based on untrusted inputs.

Check Point advocates for a prevention-first approach here: unify cloud controls, simplify policies and treat cloud, SaaS and identity as one fabric rather than separate silos.

Ransomware and extortion: Ransomware has become a business model. What will differentiate successful ransomware defence in 2026 from what most organisations are doing today?

Ransomware today is less about encrypting systems and more about applying pressure. Attackers quietly take sensitive data, study it and then apply targeted coercion, not just to the organisation but to partners, customers or regulators. This trend is particularly relevant in the UAE, where information-disclosure vulnerabilities remain common and data-leak extortion has become more profitable than operational disruption.

In 2026, the defining factor will be how early an organisation can detect abnormal behaviour before data begins to move. Recovery tools remain important, but they can no longer be the centre of a defence strategy. What matters most is preventing exfiltration, identifying subtle anomalies and stopping identity misuse before it escalates into a breach. Check Point’s prevention-first model emphasises exactly this: stopping threats at the earliest stage rather than managing the fallout afterwards.

OT, critical infrastructure and converged security: How do you expect security for OT, industrial, and critical infrastructure environments to evolve by 2026, especially as IT and OT networks continue to converge?

OT environments in the UAE are modernising rapidly with cloud management, remote access and AI-driven optimisation, and this creates both efficiency and exposure. In 2026, the biggest challenge for OT operators will be understanding how digital decisions influence physical processes. As IT and OT systems converge, attackers will increasingly exploit the same pathways to gain access. Check Point anticipates more attempts by adversaries to exploit edge devices within OT networks, using them as quiet entry points. Defending these environments means monitoring how data flows between systems, validating that device behaviour matches operational intent and maintaining clear separation where needed.

Regulation and cyber resilience: With tighter regulations and board-level accountability coming in, how should CISOs be thinking about cyber resilience, disclosure, and reporting obligations by 2026?

By 2026, regulatory expectations will evolve from periodic reporting to continuous assurance. Global frameworks such as NIS2, the AI Act and the SEC’s real-time disclosure rules are setting the tone for what regulators in the Middle East are also moving toward: demonstrable, measurable resilience. Check Point expects CISOs to move beyond compliance checklists and instead integrate live risk telemetry, policy enforcement and incident-readiness metrics into board-level reporting. Regulators no longer want confirmation that a policy exists; they want evidence that it is consistently enforced.

This shift places greater emphasis on prevention, governance and AI oversight. CISOs will need visibility into how AI systems, including generative models and autonomous agents, make decisions, process data and interact with third-party environments. Real-time attestation, machine-readable policies and automated evidence collection will become standard elements of compliance programs. Check Point’s perspective is that resilience is now a performance requirement, not a documentation exercise. Organisations that can demonstrate continuous protection will be better positioned to access markets, build trust and navigate evolving regulatory demands.

AI safety and data protection: As organisations deploy generative AI at scale, where do you see the biggest blind spots around data privacy, model security, and intellectual property protection in 2026?

As generative AI becomes deeply embedded across business functions, one of the biggest risks in 2026 will be the information these systems consume. A seemingly harmless document, website or file can quietly influence an AI model’s behaviour, especially in agentic or autonomous workflows. Check Point encourages organisations to approach AI with the same discipline they apply to any critical system: define what data AI can access, validate the sources feeding each model and continuously monitor for manipulation attempts. Shadow AI, tools adopted informally by employees, will also need attention, as these often expose sensitive information without oversight.

Trustworthy AI will be built through governance, transparency and constant validation, not just rapid deployment.

Skills, talent and partner ecosystem: Given the ongoing skills shortage, what will an effective security operating model look like in 2026 in terms of internal teams, automation, MSSPs, and partners?

The skills gap won’t close overnight, so resilience will depend on how well organisations blend people, partners and intelligent automation. AI will help reduce manual workloads inside the SOC, while MSSPs will provide broader context, monitoring and specialised expertise.

Internal teams will focus on the analytical and investigative work that cannot be automated, where human insight remains essential. The most successful organisations will be those that distribute effort intelligently, letting machines handle the volume while humans handle judgment. Check Point supports this balance through unified platforms that simplify operations, reduce overhead and make it easier for teams to focus on high-value tasks.

Platform vs. best-of-breed debate: By 2026, will the market have decisively shifted towards consolidated security platforms, or do you expect best-of-breed to remain dominant in certain domains? How are you positioning your portfolio for that reality?

Check Point expects a clear shift toward more integrated security architectures. With cloud, SaaS and AI use accelerating, scattered tools create fragmentation, inconsistent policies and blind spots. A unified platform provides organisations with a single view of risk and a consistent mechanism for enforcing controls. This does not mean specialised tools disappear. Instead, they sit within a coherent structure where they can be governed, monitored and aligned with broader security goals.

Advice to CISOs planning for 2026: If you had to prioritise three strategic moves CISOs should make over the next 12–18 months to be ready for 2026, what would they be and why?

The biggest shift in 2026 will be the need to understand not just your own systems but the entire ecosystem surrounding them, cloud providers, SaaS platforms, AI agents, vendors and the growing number of autonomous processes that run in the background. In the UAE, where organisations face nearly 2000 attacks every week, the only sustainable strategy is one built on visibility, prevention and continuous validation.

CISOs should start by establishing strong governance for AI, strengthening identity security and ensuring that every connection, whether human, machine or automated, is both authenticated and contextual. The organisations that thrive in 2026 will be those that do not wait for threats to materialise but build the capability to prevent them from the outset.
