Cybersecurity in the Kingdom of Saudi Arabia

Cybersecurity in the Kingdom consists of the nation's efforts in providing a safe environment for digital processes and data through an effective security system. Moreover, it seeks to develop, implement and supervise the national cybersecurity strategy.

Cybersecurity in the Kingdom is a crucial governmental body supported by the National Cybersecurity Authority and the Saudi Federation for Cybersecurity, Programming and Drones.

The first cybersecurity measures were first implemented in the Kingdom through the establishment of the National Cybersecurity Authority in 2017, which is directly connected to the Custodian of the Two Holy Mosques. A Royal Decree was issued to develop and regulate a national reference entity in the field of cybersecurity, and was the first autonomous governmental national entity in the field of cybersecurity in the Kingdom. Its core mission is to protect the Kingdom's vital interests, national security and critical infrastructure.

As the competent authority for cybersecurity in the Kingdom, the National Cybersecurity Authority issues the documents related to the basic cybersecurity controls clarifying the minimum standards to be applied in various governmental agencies to reduce the risks of cyber threats. These documents aim at enhancing cybersecurity in the Kingdom, and maintaining the security of its vital economic and national interests, as they are mandatory for both governmental and private entities that own or manage critical national infrastructure.

The authority has released the Saudi Cybersecurity Workforce Framework (SCyWF) which is concerned with classifying job roles into hierarchical categories according to tasks. On the national level, the authority employs technical teams that respond to cybersecurity incidents across eleven governmental sectors thus far.

The Saudi Federation for Cyber Security and Programming (SAFCSP) is the second most prominent force in the field of cybersecurity and programming in the Kingdom after the National Cybersecurity Authority, and is organizationally linked to the Saudi Arabian Olympic Committee. SAFCSP has worked alongside the Human Resources Development Fund (HRDF) to implement a training program that employs national forces in the labor market within the fields of cybersecurity, programming, big data and artificial intelligence.

In 2019, SAFCSP established the Bug bounty platform. Such platforms are globally perceived as a bargaining tool, and are provided by websites, institutions, and software developers to report errors, especially those related to security violations and bugs, in exchange for a financial reward.

In order to prevent any future misuse, this platform allows developers, whether individual researchers or facilities, to discover and solve errors before the public notices them. By creating this platform, SAFCSP joins five global organizations that have created bug bounty platforms.

In an attempt to enhance institutional efforts in cybersecurity, the National Cybersecurity Authority has developed the National Cybersecurity Strategy, which draws the following vision that the Authority seeks to achieve: a safe and reliable Saudi cyberspace that enables growth and prosperity.

This vision meets the Kingdom's priorities and aspirations, ensures the protection of technical and operational systems, and strengthens critical infrastructure, the ability to withstand and respond to cyber incidents, and resist and recover from damages in a timely manner. This vision also increases the confidence of national entities, investors and individuals in the Saudi cyberspace, and contributes to the economic and social growth of the Kingdom.

The strategy includes six main concepts: Integration, regulation, assurance, defense, cooperation and construction. It aims at ensuring an integrated cybersecurity governance and an effective management of cyber risks at the national level, as well as the protection of cyberspace, in addition to strengthening national capabilities in defense against cyber threats, consolidating partnerships and cooperation in cybersecurity, building national human capabilities and developing the cybersecurity industry in the Kingdom.

As part of the efforts to prepare national cadres specialized in the field of cybersecurity, the National Cybersecurity Authority has established an academy that trains and builds the capacities of these cadres to fill the gap in this field, in addition to protecting the Kingdom's cybersecurity and national security.

During 2022, the academy implemented the CyberPro employment training program. During three stages, twenty-two training classes had graduated, forty-four cyber exercises were implemented, and 154 training courses were organized.

The academy seeks to achieve a number of scientific objectives, including the qualification and training of national cadres in the field of cybersecurity, enhancing the skills of national employees and increasing readiness, as well as providing a forum to exchange knowledge and expertise in the Kingdom's cybersecurity community, and educating non-specialized employees on cybersecurity basics.

In 2022, the National Cybersecurity Authority launched the Cyberk program to develop the cybersecurity sector, which is one of the key enablers to achieve the objectives of the National Cybersecurity Strategy. The program aims to develop and build national capabilities specialized in cybersecurity, localize cybersecurity technologies and training content, and stimulate the local industry ecosystem and innovation in the field of cybersecurity.

The program is based on six main tracks: innovation and entrepreneurship, cybersecurity officials, cybersecurity experts, fresh graduates programs and cybersecurity trainers specialized in investigating and judicial entities. The first phase aims to increase the number of cybersecurity startups by supporting and establishing more than sixty national companies in the field.

The targets of Cyberk's first phase are achieved by supporting more than forty start-ups through the cybersecurity accelerator, establishing more than twenty startups through the cybersecurity challenge, empowering around ten thousand male and female citizens in the fields of cybersecurity, including more than 1,500 beneficiaries in national entities, in addition to developing the leadership skills of more than 150 cybersecurity officials in the Kingdom, and training more than five thousand citizens through advanced cyber exercises.

The first version of the Cybersecurity Accelerator, which aims to strengthen the entrepreneurship ecosystem in the Kingdom, stimulate investment, and increase local content in cybersecurity, was launched as part of the efforts of Cyberk program to stimulate the cybersecurity sector.

The accelerator aims to empower local cybersecurity start-ups offering innovative cyber solutions and products that are aligned with the accelerator's strategic objectives, in addition to enabling around forty start-ups in cybersecurity technologies, and providing financial support to eligible start-ups within three years.

Through organizational work in the field of cybersecurity, the Kingdom has secured second place in the Global Cybersecurity Index in the World Competitiveness Yearbook for 2022, issued by IMD World Competitiveness Center.