Exclusive interview with Rabih Itani, Regional Director, Middle East and Africa, WatchGuard Technologies

SMEs across the region often struggle to balance cybersecurity investment with operational costs and complexity. What practical steps can smaller businesses take today to strengthen cyber resilience without overwhelming their internal IT resources?

Cybersecurity does not need to be complex to be effective for SMEs. The priority should be implementing a small number of high-impact security controls that significantly reduce risks. These include enabling multi-factor authentication (MFA), maintaining a disciplined patch management process, deploying endpoint protection, securing emails and DNS traffic, and investing in regular employee awareness training to combat phishing and credential misuse.

The urgency is clear. Our recent H2 2025 Internet Security Report revealed that 96 per cent of blocked malware was delivered through encrypted TLS connections, while 23 per cent of threats evaded traditional signature-based detection methods. At the same time, cloud adoption has expanded the attack surface, introducing risks associated with shadow IT, risky SaaS configurations, and compromised identities.

However, SMEs do not need to tackle these challenges alone. According to our 2026 global MSP survey, nearly half of organisations already rely on external providers to augment internal IT teams, while more than half cite 24/7 monitoring as a capability they cannot deliver in-house. WatchGuard’s Unified Security Platform was designed to support this model, delivering integrated protection across network, endpoint, identity, and cloud environments through a simplified, scalable approach. Partnering with a trusted MSP gives SMEs access to managed detection and response, continuous monitoring, and threat intelligence at scale.

Why are ransomware, phishing, and identity-based attacks increasingly becoming board-level business risks rather than just IT concerns?

Cybersecurity has evolved from an IT issue into a business-critical risk because the consequences of a successful attack extend far beyond technology systems. Ransomware, phishing, and identity-based attacks can disrupt operations, expose sensitive data, damage brand reputation, impact customer trust, and trigger regulatory scrutiny, all of which have direct financial and strategic implications.

This shift is reflected in boardroom priorities. Our 2026 MSP survey found that 75 per cent of organisations expect cybersecurity spending to increase over the next two years, while 67 per cent require additional support managing compliance obligations. Security is now firmly embedded in broader business planning and risk management discussions.

The threat landscape reinforces this reality. The survey revealed that 33 per cent of organisations experienced malware infiltration in the past year, 32 per cent suffered phishing or business email compromise attacks, and 29 per cent reported data breaches or unauthorised access incidents. Nearly 75 per cent experienced at least one cybersecurity incident overall. In February 2026, the UAE Cybersecurity Council highlighted increasing attacks targeting critical infrastructure, including ransomware, network infiltration, and AI-enabled offensive tools.

Our H2 2025 Internet Security Report further documented a 1,548 per cent increase in unique malware during Q4 2025, alongside nearly 2,600 public ransomware extortion incidents in a single quarter. Considering this, cybersecurity can no longer be considered a technical concern. Boards require visibility into organisational risk, resilience, and response readiness to protect business continuity and long-term growth.

Many businesses still operate with fragmented security environments built around multiple standalone tools. Why do you believe unified cybersecurity platforms are becoming increasingly important for organizations looking to simplify security operations while improving visibility and protection?

Currently, complexity is one of the greatest challenges facing cybersecurity teams. Organisations relying on multiple disconnected tools often struggle with fragmented security environments, inconsistent policy enforcement, and slower incident response times. Security teams are forced to correlate alerts across different dashboards, slowing response and increasing the risk of missed threats.

Modern cyberattacks do not target a single environment. It moves across endpoints, identities, networks, and cloud applications simultaneously, which requires an integrated approach to detection and response. Our Unified Security Platform combines network security, endpoint protection, identity management, cloud visibility, and threat intelligence into a single coordinated ecosystem. Solutions such as our CloudDR further enhance visibility by identifying shadow IT, detecting identity threats, and automatically remediating misconfigurations.

Market demands reflect this transition. Our 2026 MSP survey found that organisations are prioritising faster incident response (38 per cent), better communication and greater transparency (31 per cent), AI-driven threat detection (44 per cent), and stronger identity and access security capabilities (35 per cent). Meanwhile, 58 per cent expect to switch providers within three years, citing rising costs without added value (39 per cent), a major security incident (39 per cent), and slow response times (36 per cent) as the primary triggers. A unified platform helps address these challenges by reducing operational complexity while improving both security effectiveness and customer experience.

Having worked across the technological ecosystem as an end user, integrator, and provider, how have you seen cybersecurity conversations evolve over the past decade, and what do you believe organizations across the region are still underestimating today?

Cybersecurity conversations have changed significantly over the past decade. Organisations have moved beyond a traditional focus on perimeter security and compliance checklists toward a broader emphasis on cyber resilience, identity protection, cloud security, and business continuity.

One of the most encouraging developments has been the evolution of the customer-provider relationship. In our recent 2026 MSP survey, we found that nearly half of organisations now view their MSP as either a strategic advisor (24 per cent) or a proactive partner (23 per cent), rather than simply a technology supplier. Businesses increasingly expect guidance, expertise, and measurable outcomes, not just products.

However, numerous organisations still underestimate the operational side of cybersecurity. While investments in technologies continue to grow, areas such as identity governance, employee training and awareness, incident response planning, and policy enforcement often receive less attention. Across the Middle East region, we can see a robust commitment from leadership teams to strengthen cybersecurity, but execution gaps remain, particularly in cloud security and identity management.

As cyber threats continue evolving, what are some of the most common mistakes businesses still make when approaching cybersecurity strategies today?

One of the most common mistakes organisations make is viewing cybersecurity as a collection of tools rather than an ongoing operational strategy. Many businesses invest heavily in multiple security solutions but lack the resources, expertise, or processes required to manage them effectively. The result is often alert fatigue, fragmented visibility, and slower incident response. This is where dedicated MSPs play a major role. The data is compelling. Around 94 per cent of organisations using a dedicated MSP or MSSP report confidence in their protection against emerging threats, compared to just 83 per cent of those relying on consulting or professional services firms.

Another persistent challenge is underestimating identity-based risk. Today’s attackers increasingly prefer to exploit stolen credentials and over-privileged identities rather than breach networks directly. Our H2 2025 Threat Report highlights the growing prevalence of identity-focused attack techniques, underscoring the need for stronger access controls, continuous monitoring, and proactive detection capabilities.

Currently, organisations continue to underestimate the human element of cybersecurity. Our 2026 MSP survey found that 37 per cent of businesses want more cybersecurity awareness training, while 31 per cent seek greater communication and transparency from their security providers. Technology alone cannot deliver resilience; people and processes remain equally important.

Ultimately, resilient organisations are those that take a holistic approach, combining strong identity security, MFA, endpoint protection, employee awareness and training, and tested incident response plans within a single, continuously managed cybersecurity strategy.

In a fast-paced world defined by limited time and endless to-do lists, simplicity is much needed. Across the UAE, consumers are increasingly looking for faster, smarter ways to declutter, upgrade, and sell, without the friction of traditional listing processes.

This shift in behaviour is exactly where dubizzle’s Sell with AI has made its mark.

Since its launch in 2025, the feature has seen strong and sustained adoption, with over 231,500 users leveraging Sell with AI to create listings effortlessly. In total, the tool has already generated approximately 1.2 million new listings on the platform, reflecting both scale and consistent user value.

Momentum continues to build month over month, with an average of 25,600 monthly active users using Sell with AI to generate listings faster and more efficiently. This demonstrates not only strong adoption, but also repeat, habitual usage, an important signal of product-market fit in everyday consumer behaviour.

Rather than replacing user input, Sell with AI works with it and enhances it.

The concept is simple: users upload a few photos, and the AI handles the rest; writing descriptions, categorising items, and generating complete, high-quality listings in seconds. What once required manual effort and time is now reduced to a seamless, intuitive experience.

Usage patterns show particularly strong traction in high-frequency household categories where speed and convenience matter most. The Furniture category leads in terms of adoption, followed by Large Appliances such as refrigerators and ovens, with strong activity also seen in mobile phones, home accessories, and clothing. This highlights how AI is being embedded into everyday resale behaviour rather than niche use cases.

Commenting on the trend, Matthew Gregory, Senior Director of Strategy at dubizzle, said:
“People want to sell effortlessly, without having to overthink the details. Sell with AI was designed to give users back their time. It’s intuitive, fast, and aligned with the way people live and transact today.”

Beyond efficiency, adoption trends also point to a broader behavioural shift in how consumers engage with AI. Users are no longer treating it as an experimental feature, but as a practical, everyday utility, particularly in home and lifestyle categories where turnover is high and convenience is critical.

“Technology should adapt to people, not the other way around,” Matthew Gregory added. “Sell with AI does exactly that, it meets users where they are, making selling as simple as sending a message.”

As the UAE continues to evolve into a highly connected, digital-first economy, dubizzle remains focused on simplifying real-world interactions through meaningful innovation. Sell with AI is not just a feature enhancement, it represents a fundamental shift in how people list, sell, and transact online.

With over a million listings generated and hundreds of thousands of users already engaging with the tool, Sell with AI is helping transform online selling from a manual, time-consuming process into a faster, more intelligent, and more intuitive experience.

By embedding AI into one of the most frequent consumer behaviours, dubizzle continues to move closer to its core mission: helping people live smarter, move faster, and sell with ease.

Expert commentary by Andreas Hassellöf, CEO of Ombori, on how enterprises are turning AI investment into measurable operational value and shifting from experimentation to disciplined adoption centred on workflows, governance, and business outcomes.

Large enterprises are beginning to speak more openly about the growing gap between AI adoption and measurable business outcomes, as companies reassess whether rising AI costs are translating into meaningful productivity gains.

Uber President and COO Andrew Macdonald recently said the company is finding it “harder to justify” increasing AI spending after internal discussions highlighted the difficulty of linking higher usage of AI coding tools such as Claude Code to a proportional increase in useful consumer-facing features. The comments followed reports that Uber had exhausted its 2026 budget for Claude Code within the first four months of the year, while CEO Dara Khosrowshahi confirmed the company is slowing hiring as it increases investment in AI initiatives.

At the same time, Microsoft has reportedly begun reducing internal use of Anthropic’s Claude Code within parts of its business, shifting developers toward GitHub Copilot CLI instead. Reports suggested the move was tied to Microsoft’s broader push toward its own AI ecosystem and internal tooling strategy rather than a retreat from AI adoption itself.

The developments have triggered wider debate around whether enterprises are entering a more measured phase of AI adoption, with greater focus on operational value, integration, and cost management rather than usage alone.

However, Andreas Hassellöf, CEO of Ombori, believes the issue is less about the capability of AI and more about how organisations are adapting to it.

“The real challenge has nothing to do with whether AI can increase productivity. It clearly can,” Hassellöf said. “The harder part is getting people and organisations to adapt how they actually work so the technology delivers results.”

According to Hassellöf, many companies are seeing high adoption rates and surging token consumption but are struggling to convert that activity into measurable business value. “The bottleneck is rarely the technology itself,” he said. “It is how teams change their processes, measure real outcomes, and build new habits around the tools.”

He added that the industry is now entering a more mature phase of enterprise AI adoption, where businesses are beginning to move beyond experimentation and focus instead on operational discipline, governance, and measurable outcomes. Companies that succeed, he said, will be the ones that redesign workflows around AI rather than simply layering tools onto existing processes.

“Just chatting casually with an AI coding tool and expecting it to handle everything is not enough,” Hassellöf said. “It wastes tokens and often creates more problems than it solves.”

Instead, he argues that successful AI implementation requires structured workflows where multiple AI agents handle specialised tasks such as coding, reviewing, testing, and formatting, while humans remain responsible for setting goals, reviewing outputs, and ensuring alignment with business outcomes.

“The technology is powerful, but the human side of adoption will decide whether a company succeeds with AI or whether it becomes just another expensive experiment,” he said.