A severe shortage of cybersecurity professionals is leaving organizations across the Middle East, North Africa and Africa increasingly vulnerable to cyber threats, according to Mastercard’s Cyber Pulse Report 2026.
The report estimates that the MENA region faces a deficit of around 300,000 cybersecurity specialists, while Africa has only about 20,000 certified professionals serving the entire continent. The staffing gap is creating significant challenges for businesses as cyberattacks grow in scale and sophistication.
According to the findings, 43 percent of organizations across the region acknowledged that their security teams are understaffed. Mastercard warned that the lack of qualified personnel is limiting companies’ ability to respond effectively to emerging threats and maintain adequate protection of digital infrastructure.
The report urged business leaders to elevate cybersecurity from an operational concern to a strategic priority. Selin Bahadirli, Executive Vice President of Services for Eastern Europe, Middle East and Africa at Mastercard, said cyber resilience is closely linked to business continuity, regulatory compliance and customer confidence.
She stressed that cybersecurity decisions should receive attention at the highest levels of management, including chief executives and corporate boards, as organizations face growing risks from digital attacks.
Mastercard’s analysis, conducted through its RiskRecon platform, assessed 397 organizations across the Eastern Europe, Middle East and Africa region and compared them with a global benchmark of nearly 396,000 entities. The study identified four areas where regional organizations consistently trail global peers: software patch management, web application security, web encryption and network filtering.
To strengthen defenses, Mastercard recommended that organizations maintain real-time inventories of digital assets, automate software updates and patching processes, adopt modern encryption standards such as TLS 1.2 or higher, implement strict network filtering policies and integrate security testing into software development workflows.
The report also highlighted a sharp rise in cyber threats targeting the Middle East. The region accounted for 49 percent of all cyber incidents recorded across Eastern Europe, the Middle East and Africa during the 13-month period from March 2025 to March 2026. Eastern Europe represented 36 percent of attacks, while Africa accounted for 15 percent.
Among the most targeted countries in the region were the United Arab Emirates, Ukraine and Pakistan, according to the report.
Researchers also identified a strong connection between geopolitical developments and cyber threat activity. Following a regional escalation in late February 2026, cyberattacks against Gulf Cooperation Council countries surged by 198 percent on the first day of the conflict.
The report described the first 10 days after a geopolitical crisis as the most dangerous period for cyber activity. Attack volumes remained significantly elevated throughout March, indicating that threats often persist long after the initial spike.
Mastercard cautioned that organizations should remain on high alert even after major incidents appear to subside, noting that attack levels frequently remain two to three times higher than normal following periods of heightened tension.
