Gregg Petersen, Regional Director for the Middle East and Africa at Cohesity, discusses how the cybersecurity focuses on the region is shifting from pure defense to resilience – powered by AI, automation, and a renewed emphasis on data sovereignty and digital trust.
We’ve seen a clear shift in how regional organisations think about cybersecurity. Instead of focusing only on defence, there’s now a stronger push toward resilience. From your perspective, what’s driving this change in mindset across the Middle East?
You’re absolutely right, and it’s something we’re seeing across every sector. The reality is that no defence is perfect anymore. Organisations are starting to realise that what matters most is how quickly they can recover and keep operating after a cyber attack or incident. Our latest research in the UAE reflects this shift, with two-thirds of organisations stating they’re now fully compliant with national data protection laws; however, many are also aware that compliance alone doesn’t make them resilient. Interestingly, cyber risk has dropped behind competition and economic uncertainty as a top concern, which shows that businesses now see resilience as a much broader goal, not just a cybersecurity one.
You mentioned resilience, and a big part of that today is powered by AI. How do you see AI changing the way companies not only prevent threats but also recover quickly after an attack?
AI is completely transforming the way organisations think about resilience. It’s not just about spotting a breach faster but also recovering faster. In our study, 70 percent of UAE organisations said AI and automation will be most valuable in reducing third-party and multicloud security risks. At our company, we’re using AI through our Gaia solution capabilities to help customers query and gain additional insight from their backup and archival data, accelerate decision-making, and shortening time to recovery. Gaia brings these capabilities together by turning secondary datasets into actionable insights, helping teams respond faster and make smarter choices when incidents occur. It reduces reliance on basic, manual processes and gives IT and security teams the visibility and assurance they need to act quickly when attacks happen. Essentially, AI is helping businesses stay one step ahead and build a more intelligent, self-healing approach to data protection.
At the same time, AI also raises questions around trust and data control. Data sovereignty has become a major theme across the region. Why is it emerging as such an important pillar of trust, and how are organisations responding?
Data sovereignty is now at the centre of digital trust. As AI systems become more data-intensive, organisations want to make sure sensitive data stays within national borders and follows local regulations. What’s interesting from our research is that 62 percent of UAE organisations now monitor their vendors’ compliance directly, instead of relying entirely on third parties to do so themselves. That’s a big change and indicates that organisations are starting to recognise that data sovereignty best practices can also provide a data insight advantage as well as addressing a critical compliance requirement. With initiatives like the UAE’s Stargate programme and the country’s AI ethics guidelines, we’re seeing a clear commitment to combining innovation with accountability. Over time, this balance between innovation and control will become a defining marker of digital leadership in the region.
Building on that, even with stronger controls in place, recovery speed often determines how much impact an attack really has. In your view, what sets apart companies that bounce back within hours from those that take days or weeks to recover?
It really comes down to cyber readiness through preparation and automation. The companies that test their recovery plans, use immutable backups, and follow a zero-trust approach are the ones that recover the fastest. In our UAE research, 87 percent of organisations said they’re confident they can recover data quickly and stay compliant after a cyber incident. That confidence doesn’t happen overnight. It comes from investing in the right technology and treating recovery as an everyday process, not a once-a-year exercise. The more embedded recovery becomes in daily operations, the stronger an organisation’s overall resilience will be.
Finally, looking ahead, as the region accelerates its AI-driven transformation and national digital agendas, where do you fit into this picture, and how are you helping customers stay secure and resilient for what’s next?
Our focus is on helping organisations simplify and strengthen how they protect, manage, and recover data. Across the Middle East, digital transformation and AI adoption are moving fast, creating both opportunities and new forms of risk. Data volumes are growing, regulations are evolving, and the speed of change leaves little room for error. We’re working with enterprises across the region to build resilience from the ground up. That means ensuring data is secure, compliant, and recoverable at any moment. By combining intelligent automation with strong governance, we help customers innovate confidently, knowing that their data is always protected, and their operations can recover quickly when needed. At the end of the day, resilience is not just a response to threats; it’s about creating confidence in every recovery and making security part of everyday business. That’s the mindset we’re encouraging across the region.
