The Kingdom of Saudi Arabia has embarked on a transformative journey to fortify its cybersecurity landscape, spearheaded by the National Cybersecurity Authority (NCA). Established in 2017, the NCA has been at the forefront of shaping and implementing the country’s cybersecurity initiatives, culminating in a remarkable evolution of its regulatory framework and cyber defense capabilities.
Regulatory Revolution
Over the past year, the NCA has introduced a series of groundbreaking regulations, firmly establishing Saudi Arabia’s commitment to data security. These include the new Personal Data Protection Law of 2023, Data Cybersecurity Controls, Operational Technology Cybersecurity Controls, the cybersecurity toolkit 2.0, and the guide to essential cybersecurity controls implementation.
Nader Henein, VP Analyst at Gartner, emphasizes that Saudi Arabia’s approach to data protection has taken significant strides forward. This commitment extends across industries, creating a comprehensive framework to safeguard digital assets throughout the kingdom’s expansive digital ecosystem.
Nurturing a Cyber Workforce
In tandem with regulatory advancements, Saudi Arabia has dedicated substantial efforts to protect national entities and cultivate a skilled cybersecurity workforce. The kingdom has strategically employed an array of regulatory tools, toolkits, and guidelines, earning global recognition from the International Telecommunications Union’s Global Cybersecurity Index, where Saudi Arabia ranks second, only behind the United States.
Shilpi Handa, Associate Research Director of Cybersecurity for IDC MEA, underscores that Saudi Arabia’s investments in cybersecurity transcend basic controls. They encompass the modernization of cybersecurity across various sectors with a keen focus on economic growth, job creation, and research and development.
In 2023, Saudi Arabia hosted a series of prominent industry events, including the Global Cybersecurity Forum (GCF), Black Hat Middle East, Intersec, LEAP, and World CyberCon. Notably, GCF birthed the Global Cybersecurity Forum Institute (GCFI) in June 2023, dedicated to bolstering international cooperation in cybersecurity. Haitham Al-Jowhari, Partner of Digital Infrastructure & Cybersecurity at PwC Middle East in Saudi Arabia, foresees the GCFI as a catalyst in establishing the kingdom as a global cybersecurity role model.
Al-Jowhari anticipates that the GCFI’s collaborative efforts will yield valuable publications and best practices, enhancing the kingdom’s reputation and reinforcing the resilience of its critical national infrastructure.
Facing Persistent Threats
Despite these commendable strides, Saudi Arabia remains a prime target for cyber threat actors, enduring a high frequency of cyberattacks. The Gulf region ranks among the world’s most affected areas by cyber incidents. In 2020, the average cost of a cyberattack on an organization in Saudi Arabia and the United Arab Emirates exceeded the global average by a substantial 69%, reaching $6.53 million, according to IBM data.
Shilpi Handa emphasizes that Saudi Arabia’s allure to cybercriminals is multi-faceted, rooted in its strategic significance, economic prominence, political landscape, and abundant natural resources. To bolster its cyber resilience further, Saudi Arabia must prioritize several initiatives, including education and training programs, investments in advanced technologies, fostering public-private collaboration, implementing robust regulatory frameworks, and cultivating a skilled cybersecurity workforce.
The Quest for Cyber Talent
Similar to many nations, Saudi Arabia grapples with a shortage of cybersecurity professionals. The demand for experts in this field is soaring, with four of the top 10 fastest-growing job roles in Saudi Arabia linked to cybersecurity, data analysis, and software development.
This scenario presents a golden opportunity for ambitious Saudi youths to embark on a rewarding career path in cybersecurity. Handa underscores that proactive efforts by government entities, corporations, and educational institutions are essential to nurture talent in this crucial sector.
In alignment with Saudi Vision 2030, the government has committed significant investments to enhance digital skills. A $1.2 billion plan has been initiated to train 100,000 youths in fields like cybersecurity, emphasizing the kingdom’s dedication to Saudization and female empowerment. Notably, women constitute 45% of the cybersecurity workforce in Saudi Arabia.
IDC’s Handa highlights the collaborative efforts of government and industry in creating a conducive environment for Saudi youth to access flexible education pathways and certifications, ensuring the kingdom’s digital security thrives in the years to come.
In conclusion, Saudi Arabia’s ascent as a global cybersecurity leader is a testament to its unwavering commitment to digital security and resilience. With a robust regulatory framework, investments in a skilled workforce, and a clear vision for the future, the kingdom is poised to navigate the evolving cybersecurity landscape successfully. While challenges persist, Saudi Arabia’s determination and strategic approach make it a shining beacon in the global cybersecurity arena.