A new global study from Kaspersky has revealed that a shortage of qualified cybersecurity professionals in the UAE is one of the biggest challenges organisations face in managing supply chain and trusted relationship risks. According to the research, 40% of UAE respondents cite a lack of skilled IT security workers, while 47% say they are forced to juggle multiple competing security priorities, leaving critical vulnerabilities unaddressed.
Supply chain attacks have climbed sharply in recent years, with one in three global organisations affected over the past 12 months, the study found. As these attacks grow more sophisticated, many UAE organisations report that internal resource constraints are limiting their ability to consistently monitor third‑party security postures and uncover hidden risks across partner ecosystems.
“When security teams are overstretched and understaffed, organisations are exposed to threats that move silently through their provider ecosystem.”
— Sergey Soldatov, Head of Security Operations Center, Kaspersky
Beyond staffing shortages, UAE respondents pointed to deeper structural challenges. Thirty‑seven percent said their supplier contracts lack clear IT security obligations, while 38% believe non‑IT employees do not fully understand the risks associated with third‑party access. This combination leaves organisations vulnerable to breaches originating from partners, vendors or service providers.
Globally, 78% of businesses acknowledge the need to improve protection against supply chain and trusted relationship threats, yet only 22% feel their current measures are effective. Even widely adopted tools remain underutilised two-factor authentication is used by just 40% of organisations, and only 38% regularly assess the cybersecurity posture of their contractors. As a result, nearly two‑thirds of businesses lack continuous visibility into partner security.
Notably, companies that have already experienced supply chain incidents tend to adopt more rigorous practices. These include demanding penetration test results, verifying compliance with industry standards, and reviewing partners’ own supply chain policies.
Soldatov emphasised the need for a unified approach: “Supply chain security must become a shared, enforceable responsibility across the entire business network.”
Kaspersky recommends a mix of managed security services, advanced employee training, stronger contractual requirements and closer collaboration with suppliers to improve resilience.
