The Middle East and North Africa (MENA) region is facing a significant cybersecurity workforce shortage, according to Mastercard's broader EEMEA (Eastern Europe, Middle East, and Africa) analysis. An estimated 300,000 positions are still vacant right now. The finding comes from Mastercard’s Cyber Pulse Report 2026, which analyzed threat intelligence and security trends between March 2025 and March 2026.
This shortage comes at a time when cyberattacks have been getting more sophisticated. Reportedly, 43% of companies in the MENA region were struggling with understaffing of their cybersecurity personnel.
According to the report, the Middle East was the most targeted sub-region within Mastercard's broader EEMEA analysis. Nearly 50% of all cyberattacks recorded across the EEMEA region during the research period targeted organizations in the Middle East.
The region accounted for 49% of attacks, compared with 36% in Eastern Europe and 15% in Africa. Rapid digitization and increased connectivity continue to expand the attack surface for cybercriminals. The political instability in the region contributes significantly to the rising level of cyber threats.
In its report on the security status of almost 400 companies in EEMEA, Mastercard identified several cybersecurity vulnerabilities relative to global standards. The main issues are associated with software patching, security of web apps, encryption of web pages, and network filtering.
Cybersecurity is no longer viewed merely as the domain of IT departments. Rather, it is seen as a business-critical activity involving such concerns as continuity, compliance, and trust. There are calls for executives to take cyber resilience seriously.
The MENA talent shortage reflects a broader global problem. Experts estimate that the global cybersecurity workforce shortage still amounts to several million professionals. Companies are struggling to secure qualified employees with skills in cloud security, AI security, threat intelligence, and incident response.
Mastercard has proposed that organizations should implement practices such as having real-time asset inventories, automatic patch management, improved encryption, network controls, and security testing during software development to minimize their risks.