Digital Trust Insights 2024 - The KSA perspective

Increasing cyber threats drive the need for a culture of cyber preparedness in Saudi Arabia

In line with its Vision 2030 goals, the Kingdom of Saudi Arabia is deploying world-class technology solutions and innovative tools across industries and organisations. However, with large-scale digital transformation comes challenges. In the last couple of years, the country has faced increased attempted cyber attacks. A total of 110 million threats were detected in KSA, according to the Trend Micro Annual Cybersecurity Report for 2022. 

PwC’s 2024 Global Digital Trust survey, which includes business and tech executives at some of the largest global companies both globally and in KSA, looks at the critical cybersecurity concerns in KSA, a nation emerging as the Middle East's largest cybersecurity market. 

Echoing sentiments of the global report that says, "Innovation means making bold moves, and there's nothing more empowering than ensuring safety", we find a positive cybersecurity technology solution mindset in KSA, where survey respondents revealed a confident approach to cybersecurity with the need to strengthen the ecosystem. 

While 62% of respondents revealed that they have the right amount of cybersecurity technology solutions as compared to 69% globally, the survey pointed to a growing awareness in organisations to strengthen their defences, act quickly and turn threats into opportunities. To that effect, 33% of Saudi respondents indicated a projected increase of 6-10% in their organisation's cyber budget, highlighting the potential for modernisation and improvement in technology infrastructure within their organisations. 

Digital risks connected to cyber risks

Aligned with global and regional findings, we find that digital and technology risks are most connected to an organisation's cyber threats in KSA – with 70% of respondents globally and 73% in KSA positioning it right at the top, ahead of inflation, microeconomic volatility, and societal risks. The survey underscored the importance of addressing digital and technology risks in the country, with a clear emphasis on proactive mitigation efforts to safeguard organisations against evolving cyber threats. 73% of survey respondents in KSA prioritised digital- and technology-related risks, higher than 51% globally. An equal number (70%) were concerned about cloud-related threats, compared to 47% globally, while 67% of respondents expressed concerns about attacks on connected devices, compared to 42% globally. 

In KSA, 27% of respondents were also concerned about the exploits of zero-day vulnerabilities when malicious actors cause severe damage to systems and businesses. At the same time, 37% of global respondents were more concerned about the hack-and-leak operations where sensitive data is stolen and exposed. 

Implications of cyberattacks 

For KSA respondents, the consequences of cyberattacks go beyond the immediate financial implications. A staggering 63% revealed that damage to company brand (including loss of customer confidence) was their topmost concern in the next 12 months (vs 50% globally). 

Following closely behind, 57% of KSA participants worried about the loss of revenue, such as lost contracts and business opportunities, a concern shared by 48% globally. Additionally, 43% KSA respondents expressed concerns about the damage to product and service quality. On the other hand, the global participants prioritised the loss of customer, employee or transaction data, a concern shared by 52% of Saudi respondents.

Cyber investment priorities for 2024

In Saudi Arabia, 62% prioritise optimising current technology and investments as their top cyber investment concern. This is closely followed by 54% focusing on new business initiatives and 46% addressing remediation efforts after recent cyber breaches or intrusions into organisations or industries.

This is different from the global perspective, where 49% of respondents revealed that their primary focus was modernising technology, including cyber infrastructure, followed by optimisation of current technology and investments (45%) and prioritising (42%) the ongoing improvements in risk posture based on the cyber roadmap. 

Cybersecurity talent gap

While Saudi Arabia is actively investing in digital tools, labs, academies and technologies to equip and upskill its students, youth and workforce, there is a concern around the lack of talent for its immediate cyber needs. The findings of our 2024 Global Digital Trust Report show that identifying right candidates is among the top three cyber talent strategy priorities over the next 12 months for 70% Saudi respondents (vs. 52% globally); while upskilling the current workforce fast enough to keep up with demands of the organisation is a priority for 60% (vs. 69% globally). 

Regulatory goals

In KSA, 40% opted for harmonised cyber and data protection laws in the region, compared to 36% globally. An equal number of respondents believed that shifting the liability for cyber failures to specific companies, such as device makers and software companies, will also make an impact. 37% of survey respondents demanded regulatory requirements for operational resilience.

DefenseGPT: GenAI-powered cyber

Large language models of GenAI can be formidable weapons to expedite cyber threat detection and simplify complex data analysis and security engineering processes. 

Our survey has revealed that a staggering 97% of respondents in KSA agree that generative AI will help their organisation develop new lines of business within the next three years. The same percentage of respondents also believe that GenAI-driven processes in their organisation will increase employee productivity within the next 12 months (vs. 77% and 75%, respectively, globally). A substantial 93% in KSA (vs. 77% globally) agreed that their leadership focused on the ethical and responsible use of generative AI tools in the organisation.

While vendors are pushing the limits of GenAI, it could be some time before we see broad-scale use of defenceGPTs. In the meantime, the three most promising areas for using GenAI in cyber defence include, threat detection and analysis, cyber risk and incident reporting and adaptive controls.

Conclusion

Findings from the survey turn the spotlight on business leaders in KSA who now need to shift focus from reactive to proactive cybersecurity strategies, elevate cybersecurity discussions to the boardroom, and prioritise a culture of cyber preparedness.

Embracing advanced technologies such as Generative AI and forming resilient cross-functional teams are crucial. Moreover, collaboration on implementing regulations and investment in cybersecurity budgets are essential for ushering in a new era of transparency and safety in the digital landscape of the nation.

Contact us

Haitham Al-Jowhari

Partner, Cybersecurity, PwC Middle East

Mohammed Ayesh

Director, Cybersecurity, PwC Middle East

Tel: +966 54767 7828

Ali Mouslmani

Senior Manager, Cybersecurity, PwC Middle East

Tel: +971 54793 4058

Sylvia Elferkh

Manager, Cybersecurity, PwC Middle East

Tel: +971 50 6828096

Lama Alhamad

Manager, Cybersecurity, PwC Middle East

Follow us