The Kingdom of Saudi Arabia continues to advance its strategic commitment to cybersecurity, led by its National Cybersecurity Authority (NCA), the driver of many of the country’s cyber protection initiatives.
The NCA, formed in 2017, in the past year has released a number of regulations such as the new Personal Data Protection Law 2023, Data Cybersecurity Controls, Operational Technology Cybersecurity Controls, the cybersecurity toolkit 2.0, and the guide to essential cybersecurity controls implementation.
The regulatory regimes governing data in the Kingdom have “evolved in leaps and bounds” over the past 24 months, says Nader Henein, VP analyst at Gartner.
“The level of care and attention directed towards data protection, whether from a security or governance perspective, is experiencing a renaissance,” Henein says. “This is not limited to one industry, such as energy or banking, but spans the breadth of the digital ecosystem across the kingdom.”
Building the Workforce
Saudi Arabia has also focused heavily on protecting national entities and building a capable cyber workforce.
The Kingdom’s growing array of regulatory tools, toolkits, and guidelines has been recognized globally by the International Telecommunications Union’s Global Cybersecurity Index, ranking Saudi Arabia in second place after the United States.
“Saudi Arabia has made significant strides in bolstering its cybersecurity infrastructure over the last year,” says Shilpi Handa, associate research director of cybersecurity for IDC MEA. “The efforts have come in from both the public and private sectors, along with regulatory bodies.”
Handa notes that these increased cybersecurity investments go beyond “basic cyber controls” and extend to the modernization of cybersecurity in the kingdom.
“There has been immense focus on leveraging cybersecurity for economic growth, job creation, and research and development,” she says.
This year also saw a busy roster of industry events held in the kingdom, such as the Global Cybersecurity Forum (GCF), Black Hat Middle East, Intersec, LEAP, and World CyberCon.
In June 2023, GCF launched a sister body devoted to strengthening international cooperation in cybersecurity: the Global Cybersecurity Forum Institute (GCFI). The Institute aims to harness the potential of cyberspace and support efforts to boost cyber safety on a global scale.
According to Haitham Al-Jowhari, partner of digital infrastructure & cybersecurity at PwC Middle East in Saudi Arabia, the GCFI will help position the kingdom as a cybersecurity role model globally.
“I anticipate that the joint efforts of the GCFI will result in the release of a number of publications and leading practices that will serve as a baseline for the international community,” he says. “This leadership position will positively reflect on the kingdom and strengthen the resilience of its critical national infrastructure.”
IDC’s Handa believes the GCFI initiative will channel efforts into policy, technology, and practical perspectives, and praised the kingdom’s “dedication to capacity and capability building.” Handa points out that Saudi Arabia’s robust footprint and cybersecurity expertise — with its National Cybersecurity Centre, the Saudi Federation for Cybersecurity, Programming, and Drones, and the National Cybersecurity Authority — have been established.
Cyberattack Incoming
Nevertheless, Saudi Arabia remains one of the world’s most-attacked countries by cyber threat actors. The losses suffered by Gulf countries from cyberattacks are among the highest globally. According to data from IBM for 2020, the average cost of a cyberattack on an organization in Saudi Arabia and the United Arab Emirates was $6.53 million, which is 69% more than the global average.
“Saudi Arabia’s attractiveness to cybercriminals can be attributed to several factors, including the country’s strategic importance, economic significance, political landscape, and abundant natural resources,” Handa says.
According to Handa, Saudi Arabia can further bolster its cyber resilience by prioritizing initiatives such as education and training programs, investing in advanced technologies, fostering public-private collaboration, implementing robust regulatory frameworks, and building a skilled cybersecurity workforce.
Al-Jowhari, meanwhile, says Saudi Arabia remains a leader in the region when it comes to cybersecurity. It has strong sponsorship from the country’s leadership; governance at a national level spearheaded by the NCA; and the disciplined implementation of the cybersecurity agenda across stakeholders, he notes.
Need for People
Like many other nations, Saudi Arabia is facing a severe cyberskills shortage. The demand for cybersecurity professionals is soaring, with four out of the top 10 fastest-growing job roles in Saudi Arabia falling within the cybersecurity, data analysis, and software development fields.
“This trend presents a significant opportunity for ambitious Saudi youths to embark on a lucrative career path in cybersecurity,” notes Handa. “Proactive efforts by government, companies, and educational institutions are essential to nurture talent in this field.”
To this end, the Saudi government is investing heavily in initiatives to enhance digital skills, including a $1.2 billion plan to train 100,000 youths in fields like cybersecurity.
Efforts to promote Saudization and female empowerment align with Saudi Vision 2030, with women constituting 45% of the cybersecurity workforce.
IDC’s Handa says government and industry are fostering a more conducive environment for Saudi youth to “leverage flexible education pathways and certifications” to enter the cybersecurity field, which will benefit the Kingdom’s digital security in the future.
Source: www.darkreading.com