Largest UAE and KSA Organizations Ahead of Global Counterparts in Protecting Customers from Email Fraud

Proofpoint’s analysis shows that 96% of the top companies in the UAE and KSA have adopted email authentication protocols to block fraudulent emails from reaching customers, outpacing global adoption at 83%

As email remains the number one threat vector used by cybercriminals, recent research by leading cybersecurity and compliance company Proofpoint reveals that organizations in the UAE and KSA are ahead of their global counterparts in implementing robust security measures to protect customers from email fraud.

According to a Domain-based Message Authentication, Reporting and Conformance (DMARC) analysis of the Forbes Global 2000 companies, a remarkable 96% of organizations in the UAE and KSA have published a DMARC (Domain-based Message Authentication, Reporting, and Conformance) record, compared to 83% of global companies.

DMARC is a critical email validation protocol designed to protect organizations from email spoofing and domain misuse by cybercriminals, ensuring that fraudulent emails are blocked before reaching their recipients. The highest level of DMARC protection, “reject,” is recommended as the most stringent method of preventing these risks.

Email fraud is one of the biggest cybersecurity concerns for CISOs in the UAE and KSA, with 45% citing it as the top threat for their organization in the next year, according to Proofpoint research.

In addition, as cybercriminals increasingly use artificial intelligence to make their lures more believable, it comes as no surprise that almost half (48%) of security leaders in the region also see GenAI as a security risk. Achieving full DMARC compliance allows organizations to prevent malicious emails from reaching inboxes, thus eliminating the risk of human error, no matter how convincing the lures may be.

Key findings from Proofpoint’s 2025 DMARC Analysis of the Forbes Global 2000 include:

• A notable 96% of organizations in the UAE and KSA listed in the Global 2000 have published a DMARC record. This is an improvement on last year, when 85% of the largest organizations in the UAE and KSA had published a DMARC record. 
• 68% of organizations in the UAE and KSA are actively blocking fraudulent emails by implementing DMARC at the “reject” level. This compares to just 39% of organizations globally and is an increase on last year, where 50% of UAE and KSA organizations implemented DMARC at the strictest level.
• In KSA specifically, 94% of organizations have published a DMARC record, with 56% of these adopting the strictest “reject” policy.
• In the UAE specifically, all organizations (100%) listed in the Global 2000 have published a DMARC record, and 92% have implemented the recommended “reject” policy.

“Organizations in the UAE and KSA continue to show remarkable leadership in the fight against email fraud, with nearly all of the top companies in the region adopting the best practices in email authentication.

This proactive approach significantly reduces the risk of domain spoofing and phishing attacks targeting their customers and partners,” says Emile Abou Saleh, Vice President, Northern Europe, Middle East, Turkey and Africa for Proofpoint. “As global email service providers ramp up their authentication requirements, companies in the Middle East must maintain this momentum and ensure they remain compliant to protect both their customers and their brands from malicious actors.”