Global study reveals 24% of organisations in the UAE & Saudi Arabia already deploy autonomous AI agents with little to no governance, while 52% of employees admit they are unlikely to be able to spot attacks such as deepfakes.
KnowBe4 has released findings of its new research report, “From Agentic Risk to Human Wins: Building a Culture of Security in the Era of Agentic AI.” Research finds that autonomous AI tools are expanding the corporate attack surface faster than security teams can implement guardrails.
With agentic AI now widely embedded in day-to-day work, 84% of cybersecurity leaders in the UAE & Saudi Arabia report that AI agents are already taking actions within organizational workflows. However, a lack of governance is leaving organisations exposed. The report shows that around 1 in every 4 organisations (24%) report their use of AI is unapproved or ungoverned. This unmanaged “Shadow AI” effectively operates as an invisible layer of shadow employees handling sensitive organizational data without oversight.
Insights from UAE & Saudi Workforce on AI driven attacks
88% of employees in the UAE & Saudi Arabia say that deepfake voice and video content is now so realistic it is impossible to know what to trust. 52% openly admit they could be tricked by a deepfake scam at work.
More than half (54%) of cybersecurity leaders in the UAE & Saudi Arabia report that mistakes during everyday work have had the greatest impact on their organisation’s cybersecurity in the past 12 months. Compounding this, 44% of employees acknowledge that time pressures and workplace distractions actively drive them to make critical security mistakes, even when they know the safe protocol.
Join the Techitup Executive Network
Join the Middle East’s inner circle of C-Suite Tech Leaders. Exclusive access to closed-door regional roundtables, priority VIP seating at our annual awards, and strategic industry briefings.
36% of cybersecurity leaders in the UAE & Saudi Arabia identify AI-enabled attacks as a key driver of future human-related cybersecurity risks.
41% of employees reported that they commonly source their own agentic AI tools where options are unavailable or restrictive, leaving organisations vulnerable to cyberattacks. Concurrently, 52% of cybersecurity leaders report that the use of unsanctioned software and AI apps has actively impacted their security posture over the past 12 months.
Although 76% of security leaders feel “very well prepared” to handle unexpected or emerging AI-driven threats over the next year, 84% of them confirmed that improvements are still needed to ensure AI tools and agents operate within organization’s security policies and approved risk limits.
The report shows that organizations making progress are those who prioritize cybersecurity as a culture over a mere function, seamlessly incorporating secure behaviours into daily work. These organisations are creating environments where employees feel safe reporting mistakes, with 82% of employees agreeing.
“Cybersecurity has entered a volatile phase where organisations are trying to secure a hybrid human and AI workforce that’s changing more quickly than security leaders can keep up,” said Dr. Martin Kraemer, CISO Advisor at KnowBe4. “Attackers are moving at machine speed, using attacks such as deepfakes to target employees and prompt injections to hijack AI agents. Leaving almost a quarter of your corporate AI usage ungoverned is a massive open invitation to threat actors.”
The report concludes that achieving “Wins” requires organizations to design systems that guide behaviour, build supportive cultures, and shift from tracking failures to reinforcing positive actions. The report also stresses on extending a security-first mindset across both AI agents and humans, .
For more information you can download the UAE & Saudi Arabia data insights here and the Global report here.
Disclaimer: This is a vendor-sponsored study commissioned by KnowBe4 and based on a global survey conducted by Vanson Bourne, covering 4,000 professionals—800 security decision-makers and 3,200 employees—across the Americas, EMEA, and APJ regions, representing organizations with 250 or more employees. Readers are encouraged to review the full report for additional context, methodology, and detailed findings.
