Seeking economic cyber security:
a Middle Eastern example
School of Advanced Study (Institute of Advanced Legal Studies),
University of London, London, UK
Purpose –The transformation of the United Arab Emirates (UAE) into an important global economic
player has beenaccompanied by digitalization that has also left it ata risk to cybercrime.Concurrent with the
rise in technology use, the UAE fast became one of the most targetedcountries in the world. The purpose of
this paper is to discusshow the UAE has tried to cope with accelerating levels of cyber threat usinglegislative
and regulatoryefforts as well as public- and private-sector initiativesmeant to raise cybersecurity awareness.
Design/methodology/approach –The paper surveys the UAE’s cybersecurity legislative, regulatory
and educationalinitiatives from 2003 to 2019.
Findings –Because the human factor still remains the number one reason for security breaches, robust
cyber laws alone are not enough to protect against cyber threats. Building public awareness and educating
internet users about cyber risks and safety have become essential components of the UAE’s efforts in
buildinga moresecure cyber environment for the country.
Research limitations/implications –The paper relies on English-language translations of primary
sources (laws) originallyin Arabic, as well as English-language studies from local media.This should not be
considereda problem, as English is established as the language of businessand commerce in the UAE.
Practical implications –The paper provides a detailed overview of the country’s cybersecurity
environmentto guide and aide practitioners with risk assessment and legaland regulatory compliance.
Originality/value –The paper presents a comprehensiveoverview of the UAE’s cybersecurity legislative,
regulatory and educationalenvironment. It also surveys government and private sector initiativesdirected in
protectingthe country’s cyberspace.
Keywords United Arab Emirates, Cybersecurity, Laws, Regulations, Cybercrime
Paper type Research paper
Despite rapid legislative development, many Gulf Cooperation Council (GCC) area
companies still lack digitalstrategies to protect them from economic crime, which resultsin
under-developed security measures (Bohsali et al.,2016). A recent survey of 700 executives
and information technology professionals in the region revealed that almost half the
respondents “do not believe that their organization is capable of predicting or preventing
cyber attacks”(GBM 7, 2019). This is especiallyalarming since the GCC countries including
the United Arab Emirates (UAE) have had cybersecurity legal and regulatory frameworks
in place by at least 2006.
The UAE’s cybersecurity efforts demonstrate that to tackle cybercrime successfully it is not
enough just to have in place robust laws and regulations. It also demands actions to raise
public awareness about cyber threats and security. Doing so requires public–private sector
cooperation in areas of education and intelligence sharing. In 2019, the country’s
Telecommunications Regulatory Authority (TRA) announced an updated National
Cybersecurity Strategy (NCS) aimed at mobilizing the whole cybersecurity ecosystem in the
UAE. The strategy is meant to be implemented and monitored via clearly deﬁned key
Journalof Money Laundering
Vol.23 No. 2, 2020
© Emerald Publishing Limited
The current issue and full text archive of this journal is available on Emerald Insight at: