A new global study by Kaspersky has identified a growing cybersecurity talent shortage as a major risk factor for organisations across the Middle East, particularly as supply chain and trusted relationship attacks continue to rise. The report reveals that one in three businesses in the region experienced such an incident over the past year, highlighting the increasing exposure of interconnected business ecosystems.
According to the survey, 44% of organisations cited a lack of skilled cybersecurity professionals as a key challenge, while 42% pointed to the difficulty of managing multiple security priorities simultaneously. These constraints are limiting the ability of companies to effectively monitor third-party risks and respond to evolving threats.
The study also underscores structural weaknesses. Around 34% of respondents reported that their contracts lack clear IT security obligations for vendors, while 35% indicated that non-IT staff do not fully understand cybersecurity risks. These gaps further weaken organisational resilience against supply chain attacks.
Globally, 83% of businesses acknowledge the need to strengthen their defences against supply chain and trusted relationship threats, yet only 17% believe their current measures are effective. Adoption of protective practices remains inconsistent, with no single mitigation method used by more than 41% of organisations. Even widely recognised measures such as two-factor authentication are implemented by just 39% of respondents.
Additionally, only 41% of companies conduct regular reviews of their contractors’ cybersecurity posture, leaving nearly two-thirds without continuous visibility into partner risks. This lack of oversight increases vulnerability across extended digital ecosystems.
The report notes that organisations that have already experienced supply chain attacks tend to adopt stronger security practices. These include requesting penetration test results, verifying compliance with industry standards, and assessing suppliers’ own supply chain security policies.
To address these challenges, Kaspersky recommends a combination of strategic and operational measures. These include adopting managed security services, investing in cybersecurity training, conducting thorough supplier evaluations, embedding security requirements into contracts, and strengthening collaboration with partners on security practices.
Sergey Soldatov, Head of Security Operations Center at Kaspersky, emphasized that overstretched and understaffed security teams leave organisations exposed to threats that can move undetected across provider networks. He stressed the need for unified mitigation strategies, stronger contractor assessments, and improved cross-team awareness.
He added that supply chain security must become a shared responsibility across the entire business network, supported by preventive measures and a more strategic approach to supplier relationships.
