The recent Red Sea internet cable disruption has been a reminder that even the most advanced digital economies depend on fragile infrastructure. For companies in ADGM and DIFC, this is more than an IT inconvenience – it is a regulatory and business resilience issue.
Here are five questions boards and executives should be asking today:
- Do we have redundant connectivity and provider diversity?
A single fibre break should not bring operations to a halt. Firms must ensure multiple routes, providers, and failover mechanisms are in place to guarantee continuity of critical services.
- Can critical operations continue if regional connectivity is disrupted?
Business continuity planning should extend beyond cyber threats to include physical and geopolitical disruptions. Regulators expect firms to demonstrate resilience in maintaining client-facing and internal operations under stress.
- Are we aligned with ADGM and DIFC regulatory expectations on resilience and incident management?
Both centres emphasise operational resilience in their IT risk and cybersecurity frameworks. Firms must be able to evidence documented policies, tested recovery capabilities, and timely incident reporting.
- Do we have full visibility on data flows, cloud dependencies, and third-party providers?
Disruptions highlight how reliant businesses are on international data routing and hyperscale cloud providers. Boards should demand clarity on where data travels, where it is stored, and how provider risk is managed.
- Have we tested recovery and continuity plans against real-world scenarios?
Tabletop exercises, resilience assessments, and stress tests provide assurance that plans are more than just documents. Regulators and clients alike are looking for demonstrable readiness.
The cable disruption is not a one-off event; it is part of the ‘new normal’ of global IT risk. For regulated firms in ADGM and DIFC, proving resilience is both a compliance obligation and a competitive advantage. Those that can assure uninterrupted operations – no matter what happens to the infrastructure beneath them – will strengthen trust with clients, regulators, and investors.
At Penta, we help financial and professional services firms in the UAE build resilience by design – combining compliance expertise with robust IT infrastructure, continuity planning, and managed Microsoft 365 services.
What happened in the Red Sea
- On 6 September 2025, several undersea internet cables in the Red Sea were damaged near Jeddah, Saudi Arabia.
- The breaks disrupted major connections linking Asia, the Middle East and Europe.
- Countries including the United Arab Emirates, India and Pakistan experienced slower speeds, delays and rerouted traffic.
- The likely cause was a ship’s anchor dragging on the seabed, after initial speculation about hostile actors.
- Repairs are expected to take weeks due to the complexity of undersea cable restoration work.