Secure access: The authorities work to enhance cybersecurity and resilience in the face of evolving online threats


Cybersecurity is a priority for Saudi Arabia, a country that is making significant investment in boosting its capacity and is rapidly advancing as a global leader in the space. The Kingdom was the top-ranked Arab country in the International Telecommunication Union’s 2018 global cybersecurity index, and ranked 13th overall out of 175 countries. Increased focus on cybersecurity has also driven growth in the wider ICT sector, as players and investors become more secure, and new technologies and services come on-line to service stakeholders.

The steady expansion in cybersecurity capacity is closely linked to overall economic development, especially as the country moves towards smart cities, artificial intelligence and the internet of things (IoT). While these new technologies will bring innovation and efficiency, they can also present a challenge in terms of cyber-resilience. As technology increasingly permeates all areas of the economy, notable sources of potential vulnerability include key national road and utility projects, and it will be necessary for businesses to continue to focus on protecting their core operations against cyberthreats.


The renewed focus on cybersecurity follows a number of incidents in recent years that saw cyber-vulnerabilities exploited. In 2018 Saudi Arabia reported that over 160,000 cyberattacks hit its servers each day, making the Kingdom the recipient of the largest number of such attacks in the Middle East. Major attacks included those tied to the particularly destructive Shamoon malware, which hit major institutions such as Saudi Aramco, the General Authority of Civil Aviation and the Ministry of Labour between 2012 and 2017 (see Security, Aerospace & Defence chapter).

The rise of cloud computing has also brought about the need for additional layers of cybersecurity. ”Cloud computing in Saudi Arabia is in high demand, and this is good news for vendors and IT professionals,” Khalid Al Shangiti, CEO of technology infrastructure solutions provider Ebttikar, told OBG. “However, the more data that is stored in the cloud, the more secure the Kingdom’s cyberspace needs to be as threats from third parties emerge.”


The cost of data breaches is high, with Saudi Arabia ranking second in data breach costs, according to IBM’s “2019 Cost of Data Breach Report”, which analysed breaches from 507 organisations in 16 countries. The average cost of a breach in Saudi Arabia was $6m, behind only to the US, where breaches cost an average of $8.2m. The report found that the Middle East had the highest average number of breached records, at 38,300 per incident, compared to the global average of 25,500.

Cybersecurity Authority

The National Cybersecurity Authority (NCA) was founded in 2017 in order to advance the country’s efforts to guard against these threats. Tasked with regulating and overseeing cybersecurity preparedness, the NCA develops policies, frameworks and guidelines that protect networks, systems and electronic data. It also periodically assesses and measures regulatory compliance among government agencies and private sector entities. In October 2018 the NCA issued minimum standards to reduce the risk of cyberthreats for government agencies. Official bodies were instructed to upgrade their cybersecurity protection measures, including those regarding external cybersecurity, cloud computing, industrial control systems and consolidation.


As the country pushes to build greater cyber-resilience, it will be necessary to boost training and awareness of the dangers posed by cyberattacks. To that end, in February 2020 the NCA signed an agreement with the Human Resources Development Fund to work together to provide the Saudi workforce with the skills and knowledge necessary to find a job in the field of cybersecurity. Online courses will be developed by the NCA and posted on the fund’s Doroob online platform, which aims to train Saudis for jobs in the private sector.

A memorandum of understanding was also signed in February 2020 between the NCA and King Abdullah University of Science and Technology, aiming to bolster cooperation in cybersecurity training. The the two parties will develop educational programmes in order to increase the number of qualified cybersecurity professionals living in Saudi Arabia, as well as boost information sharing. The agreement also targets the development of new technologies to help enhance cybersecurity protections for critical infrastructure.

Global Cybersecurity Forum

As an indication of the importance the country is placing on cybersecurity, Riyadh hosted the first Global Cybersecurity Forum in February 2020. The event brought together 1200 delegates and 100 speakers, and provided an opportunity to discuss challenges, solutions, and the role of the public and private sectors in building a secure digital society. The forum aimed to enhance cooperation to ensure the world’s collective cybersecurity and was held under the patronage of King Salman bin Abdulaziz Al Saud.

Smart Cities

The move towards smart cities will result in greater reliance on technology for daily living, and as such, new types of cyber-vulnerabilities are expected to emerge. Al Widyan, a 700-ha planned smart city on the outskirts of Riyadh, is one such project, and aims to implement smart city management systems, traffic and mobility solutions, and building and utilities management.

The $500bn NEOM city development in the northwest is another ambitious smart-city project and a key part of Vision 2030. It is being designed as a high-tech, renewable energy-driven mega-city spread over 26,500 sq km on the Red Sea coast. The project – the first phase of which is not due for completion until 2025 – will use advanced technology to integrate secure systems to help address inherent cybersecurity vulnerabilities in software or control systems that are used to operate the volume of connected devices. “Everyone who visits, invests or trades with NEOM can be confident that their interactions with, and through, NEOM’s digital infrastructure will be at the highest level of security,” Mike Loginov, chief information security officer at NEOM, told industry media in March 2020. Such security precautions will remain of vital importance for the country’s future city developments.

Social Development

The Kingdom has also been looking at broader social issues related to cybersecurity. The NCA announced two initiatives in February 2020 focused on protecting children online and increasing the number of women employed in cybersecurity, indicating that these issues would be areas of focus in the future. The first initiative seeks to develop best practices, policies and programmes to safeguard children in the digital space. It was created in response to the growing number of cyberthreats children face online and will build global partnerships to develop protective measures for young internet users. The second initiative will encourage women to work in cybersecurity and support them in pursuing leadership roles.

With an increasing number of people and devices connected to the internet, cybersecurity will continue to be a top priority as the country’s digital economy advances at pace. The number of people with access to the internet in Saudi Arabia increased from 15m in 2012 to 23m in 2018, underscoring the need to ensure secure access. IoT will bring inherent challenges given the volume of devices connected, while other issues such as hacktivism – or the disruption of services rather than the theft of information – may also emerge. Given that cyberattacks were identified by the World Economic Forum as one of the top-10 risks in terms of likelihood in its “Global Risk Report 2020”, cybersecurity will remain a critical area of shared global concern that will necessitate continuous investment and innovation.