Artificial intelligence is moving rapidly into the heart of enterprise cybersecurity. In the UAE, where digital infrastructure underpins economic growth, that adoption is accelerating. The critical question is no longer whether to deploy AI for security, but whether organisations have the governance in place to make it work.
According to KPMG Middle East’s report The New Cyber Battleground, the past 18 months have seen a significant increase in AI-driven cybersecurity, analytics, and automation activity across the Middle East and globally. Yet the data behind that surge tells a more complicated story: more than 95% of AI use cases globally are failing to deliver measurable business or security outcomes. The gap between deployment and value is widening, and governance is at the centre of it.
“The UAE has demonstrated strong leadership in digital transformation and AI integration. In a more complex and fast-moving threat environment, organisations need to shift focus from speed of deployment to quality of implementation. Embedding accountability, validation, and lifecycle security into AI systems will be critical to strengthening resilience and maintaining trust as these technologies scale,” says Trevor Niblock, Partner, Digital Trust, KPMG Middle East.
The Trust Problem
The scale of the challenge is reflected in how people are already using AI at work. According to research cited in the report, 66% of professionals rely on AI outputs without evaluating their accuracy, while 56% report making mistakes in their work as a result. Only 46% of people globally say they are willing to trust AI systems.
These figures do not describe a workforce confidently operating within a governed AI framework; they describe one that has adopted AI faster than the structures around it have matured.
The KPMG report identifies this as “problem zero”. Organisations are racing to implement AI solutions before clearly defining the problems they are trying to solve, and before establishing the governance required to use those solutions safely.
By the Numbers
- More than 95% of AI use cases globally fail to deliver measurable value.
- 66% of professionals rely on AI output without evaluating its accuracy.
- 56% report making mistakes in their work due to AI.
- Only 46% of people globally are willing to trust AI systems.
- 70% believe there is a need for national and international AI regulation.
- 66% of people use AI regularly.
- 83% believe AI will result in a wide range of benefits.
Where to Start
The report’s framework is structured around a clear sequence: governance before deployment, not governance retrofitted after the fact. Its Trusted AI framework identifies 10 principles that AI solutions must meet, including accountability, data integrity, transparency, explainability, reliability, privacy, cybersecurity, safety, equity, and sustainability.
Together, these form a lifecycle model that embeds security and oversight from strategy through deployment and monitoring.
On the technical side, securing AI begins with treating data as a protected asset, enforcing lineage, provenance, rigorous cleaning, bias mitigation, and continuous monitoring throughout the training pipeline. Model protection follows through adversarial robustness testing and controlled model registries. Infrastructure must be hardened through secure pipelines and trusted execution environments.
“Securing AI is no longer about bolting controls; it is about engineering trust into the lifecycle — data, models, infrastructure, and operations, so AI can scale safely, confidently, and sustainably,” the report states.
A Five-Step Roadmap
For organisations beginning this process, KPMG outlines five practical steps:
- Establish trusted AI security governance.
- Understand the problem before choosing the solution, whether analytics, automation, AI, or agentic AI.
- Upskill employees to both secure and use AI for security.
- Use existing tools to create iterative value before scaling.
- Focus on easier challenges first to realise quick returns on investment.
The report is direct on one point: AI is not always the answer, and should not be the default starting point. Quick time to value is more reliably achieved through process automation in the first instance, provided organisations understand their end-to-end internal processes.
AI use cases require process maturity, good quality data, trained experts, and supporting infrastructure, building blocks that must be in place before deployment begins.
In the UAE, where AI adoption is moving from experimentation to scaled deployment, the organisations best positioned to lead are those treating governance not as a compliance exercise but as a strategic capability.
Source: KPMG Middle East, The New Cyber Battleground: Building Resilient, Secure AI Capabilities Across the Enterprise.
