• A broader mix of financially motivated and disruptive threat activities are responsible for 71% of cybercrime in the region

Riyadh, Saudi Arabia: Mastercard released its inaugural Cyber Pulse report, offering a comprehensive view of the evolving cyber threat landscape across Eastern Europe, the Middle East, and Africa (EEMEA) over the last year.

The report combines regional threat intelligence from Mastercard's Cyber Insights platform with organizational cyber health assessments from RiskRecon, a tool which allows companies to evaluate the level of security of their internet-facing assets. This also includes advanced threat intelligence from Recorded Future - acquired by Mastercard in December 2024 - which continuously analyzes data to identify emerging cyber threats and risk patterns.

With visibility across evolving threat activity and the practical impact on businesses and governments, the report translates cyber risk into insights that matter for operational resilience, economic continuity, and long‑term trust in the digital economy.

Global research underscores just how material cyber risk has become for businesses in our region. Analysis cited IBM cost of data breach report 2025 shows that the average cost of a data breach in the Middle East is nearly US$7.29 million per incident - 64% higher than the global average - reinforcing why cyber resilience today is firmly a leadership and board-level concern.

The findings show that cybercrime across the region increased in early 2026 following a period of geopolitical instability, underscoring the need for organizations to move beyond awareness and towards sustained cyber readiness and resilience. The report also identifies that financially motivated and disruptive activity accounts for 71% of observed cybercrime across EEMEA, reinforcing the need for stronger cyber readiness across sectors.

“Cyber resilience is synonymous with business resilience and operational wellbeing. Our first Cyber Pulse report highlights the importance for organizations adopting a proactive and integrated approach to cybersecurity alongside consistent vigilance. At Mastercard, we are committed to empowering our partners and customers with the intelligence, tools, and expertise they need to navigate the complex cyber landscape, secure their digital assets, and build a more secure digital future for everyone who engages in the digital economy,” said Selin Bahadirli, Executive Vice President Services, EEMEA, Mastercard.

Business systems are primary targets

The Mastercard Cyber Pulse Report notes that business systems, customer information, and physical infrastructure are the primary targets for attackers, accounting for 66% of all targets. Most attackers aim to disrupt operations, commit fraud, and cause physical damage. Certain sectors are also at higher risk of cyberattacks. In the EEMEA region for example, the public, technology, and financial sectors account for 44% of all targeted industries. These sectors are attractive targets due to the concentration of high‑value data and their importance to economic and digital ecosystems.

Cyber risk often scales through repeatable patterns

Common attack methods such as malware, ransomware, and email-based social engineering continue to dominate across EEMEA. While baseline cyber health remains relatively strong in some markets, application security and web encryption emerge as consistent areas for improvement. To help remedy this, the report provides specific recommendations for businesses including improving application security and vulnerability management.

Cybersecurity capabilities available to organizations

Cyber resilience matters not only for large institutions, but for the millions of micros, small, and medium‑sized businesses that depend on secure, reliable access to the digital economy. Strengthening cyber resilience is therefore a critical enabler of sustainable growth, inclusion, and long‑term economic participation.

Globally, Mastercard has already surpassed its goal of bringing 50 million micro, small, and medium‑sized enterprises into the digital economy, and is now advancing a new ambition to connect and protect 500 million individuals and small businesses by 2030 - reinforcing our long‑term commitment to inclusive and resilient growth.

This commitment is underpinned by sustained investment in trust and security. Since 2019, Mastercard has invested approximately $12.6 billion in cybersecurity innovation. In 2025 alone, the company processed 175 billion transactions, leveraging its insights and advanced data science to detect vulnerabilities faster and with greater precision, enhancing protection across the ecosystem.

Through its comprehensive suite of cyber advisory services, global partnerships, and intelligence‑led capabilities; this includes Recorded Future, which delivers real‑time insight into cyber threats enabling businesses and governments to identify emerging risks earlier, prioritize response, and make more informed decisions in an increasingly complex digital environment.

Combined with products such as RiskRecon, CyberQuant, and Cyber Insights, Mastercard enables organizations to assess their cyber exposure, understand how threats may evolve, and translate intelligence into practical actions that strengthen trust, continuity, and resilience.

The full Mastercard Cyber Pulse report is available here.

About Mastercard

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a resilient economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

www.mastercard.com

Mastercard Communications Contact: Rama.Alsayegh@mastercard.com

Disclaimer:

This report is provided by Mastercard solely for informational purposes and is based on publicly available information. Mastercard makes no representations or warranties regarding the accuracy, completeness, or suitability of the information contained in this report.

Any references to cyber threat actors or groups are based solely on publicly available information and should not be interpreted as independent attribution by Mastercard. This report does not constitute legal, regulatory, compliance, or attribution of advice and should not be used as the basis for actions such as sanctions, blacklisting, enforcement decisions, or any other governmental or commercial determinations.

To the fullest extent permitted by law, Mastercard disclaims all liability arising from any use or misuse of the information contained in this report.

All rights, title, and interest in the content of this report remain in the exclusive property of Mastercard and/or its affiliates. No part of this report may be used, reproduced, distributed, or published except as expressly authorized by Mastercard and in compliance with applicable laws.