The Reality of Cybersecurity and its Challenges in Saudi Arabia

(Sami S. Alsemairi)

---

Abstract

Recent technological developments have led to an increasingly wide use of electronic devices, platforms and applications. These technologies are now an important factor in the digital transformations taking place in many governmental agencies. In parallel with these technological advancements, new cybercrime techniques have been developed, making them a complex and highly prioritized national security issue for many countries around the world. To address this challenge, the Saudi Arabian government, through a royal decree, has urged government agencies to create internal cybersecurity departments to safeguard their information and technical assets. This makes cybersecurity a critical element of the Kingdom’s 2030 Vision. This study aims to shed light on the reality of cybersecurity and its challenges in the Kingdom of Saudi Arabia. The researcher designed a questionnaire to measure several dimensions, including cybersecurity management, addressing cyber threats and risks, security techniques, and future (strategic) challenges. A sample of 98 IT employees working in different government agencies participated in this study. The results of the data analysis show that the level of cybersecurity against cyber threats and risks is high in the government agencies of Saudi Arabia.

KEYWORDS
Cybersecurity, cyberspace, cyber risks management, cyber threats and risks, cyber warfare

PDF

References

Alowaimer, M.H. (2018). Dawr Taqyim Almakhatir fi 'Amn Almaelumat ‘Role of Risk Assessment in Information Security’. Master’s Dissertation, Naif Arab University for Security Sciences, Riyadh, Saudi Arabia. [in Arabic] 
Alshammari, H.Q. (2015). Ruyat 'Iistiratijiat Lihimayat Alfada' Al'iiliktrunii Lilmamlakat Alearabiat Alsaeudia ‘A Strategic Vision to Protect the Cyberspace of the Kingdom of Saudi Arabia’. Master’s Dissertation, Naif Arab University for Security Sciences, Riyadh, Saudi Arabia. [in Arabic]
Alshehri, A.Z. (2019). Ruyat Astiratijiat Lilhadi min Aljarayim Al'iiliktruniat Litaeziz Al'amn Alsiybiranii fi Almamlakat Alearabiat Alsaeudia ‘A Strategic Vision to Minimize Cybercrimes and enhance Cybersecurity in the Kingdom of Saudi Arabia’. PhD Thesis, Naif Arab University for Security Sciences, Riyadh, Saudi Arabia. [in Arabic]
Alzubaidi, A. (2021). Measuring the level of cyber-security awareness for cybercrime in Saudi Arabia. Heliyon, 7(1), e06016.
Amanullah, Q. and Khan M.K. (2019). Cybersecurity Challenges of the Kingdom of Saudi Arabia: Past, Present and Future. Global Foundation for Cyber Studies and Research. Available at: https://www.gfcyber.org/cybersecurity-challenges-of-the-ksa-past-present-and-future/ (accessed on 20/2/2020) [in English].
Amoroso, E. (2006). Cyber Security. New Jersey: Silicon Press.
Andress, J. (2014). The Basics of Information Security - Understanding the Fundamentals of InfoSec in Theory and Practice. 2nd edition. USA: Syngress.
Bannaga, A. (2019). Makhatir Alhajamat Alalkitrunia (Alsiybiraniati) Watharuha Alaiqtisadiatu: Dirasat Halat Dual Majlis Altaeawun Alkhalijii ‘The Risks of Cyber Attacks and Their Economic Impacts: The Case of the Gulf Cooperation Council Countries’. Kuwait: Arab Planning Institute. [in Arabic] 
Bauer, S., Bernroider, E.W.N. and Chudzikowski, K. (2017). Prevention is better than cure! Designing information security awareness programs to overcome users’ non-compliance with information security policies in banks. Computers and Security, 68(n/a), 145–59. 
Clarke, R. and Knake, R. (2011). Himayat Alfada' Al'iiliktrunii fi Dual Majlis Altaeawun Alkhalij Alearabia ‘Securing the Gulf Cooperation Council in cyberspace’. The United Arab Emirates: The Emirates Center for Strategic Studies and Research [in Arabic]
Communications and Information Technology Commission. (2018). Muashirat Al'ada' Liqitae Alaitisalat Watiqniat Almaelumat ‘Performance Indicators for Communications and Information Technology Sector’. Available at: https://www.citc.gov.sa/ar/indicators/Pages/ICTInd2018.aspx (accessed on 27/04/2019) [in Arabic].
e-Government Program (Yesser). (2016). Alkhutat Altanfidhiat Althaaniat Liltaeamulat Al'iiliktruniat Alhukumia ‘The Second Operational Plan for E-Government Transactions’. Available at: https://www.yesser.gov.sa/for-government/digital-government-strategy-2012 (accessed on 23/01/2019) [in Arabic].
Fayol, H. (1949). General and Industrial Management. London, UK: Pitman.
Hathaway, M., Demchak C., Kerben, J., McArdle, J. and Spidalieri, F. (2015). Cyber Readiness Index 2.0, A Plan for Cyber Readiness: A Baseline and an Index. Potomac Institute for Policy Studies. Available at: https://www.potomacinstitute.org/images/CRIndex2.0.pdf (accessed on 16/01/2019).
Herhalt, J. (2011). Cyber Crime – A Growing Challenge for Governments. KPMG Issues Monitor, 8(n/a), 1–24.
Hu, Q., Dinev, T., Hart, P. and Cooke, D. (2012). Managing employee compliance with information security policies: The critical role of top management and organizational culture. Decision Sciences, 43(4), 615–59.
International Telecommunication Union (ITU). (2018). Global Cybersecurity Index (GCI) Report. Available at: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2018-PDF-E.pdf  (accessed on 09/03/2019) [in English].
International Telecommunication Union (ITU). (2020). Global Cybersecurity Index (GCI) Report. Available at: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2021-PDF-E.pdf (accessed on 29/06/2021) [in English].
Kanaan, N.S. (2005). Alqiadat Al'iidaria ‘Administrative Leadership’. Amman, Jordan: Dar Althaqafa. [in Arabic]
Mamonov, S. and Benbunan-Fich, R. (2018). The impact of information security threat awareness on privacy-protective behaviors. Computers in Human Behavior, 83(n/a), 32–44.
Miranda, M.J. (2018). Enhancing cybersecurity awareness training: A comprehensive phishing exercise approach. International Management Review, 4(2), 5–10.
Mylrea, M., Gourisetti, S.N.G. and Nicholls, A. (2017). An introduction to buildings cybersecurity framework, IEEE Symposium Series on Computational Intelligence (SSCI). Honolulu, Hawaii, USA, 27/11-01-12/2017 [in English].
National Cybersecurity Authority. (2018). Aldawabit Al'asasiat Lil'amn Alsiybiranii ‘Essential Cybersecurity Controls’. Available at: https://nca.gov.sa/files/ecc-ar.pdf (accessed on 08/01/2019) [in Arabic].
National Institute of Standards and Technology (NIST). (2011). Managing Information Security Risk Organization, Mission, and Information System View. Available at: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf (accessed on 13/01/2019).
Northouse, P. (2010). Leadership: Theory and Practice. 5th edition. Thousand Oaks, California: SAGE.
Tash, A.A. (2015). Ruyat 'Iistratijiat Litahqiq Al'amn Almaelumatii fi Hayyat Tltahqiq Walaidiea' Aleami fi Almamlakat Alearabiat Alsaeudia ‘A Strategic Vision to Achieve Information Security in the Bureau of Investigation and Public Prosecution in the Kingdom of Saudi Arabia’. Master’s Dissertation, Naif Arab University for Security Sciences, Riyadh, Saudi Arabia. [in Arabic]
Taylor, F. (1911). The Principles of Scientific Management. New York, NY: Harper & Brothers.
The White House. (2011). International Strategy for Cyberspace. Washington DC, USA. Available at: https://obamawhitehouse.archives.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf (accessed on 21/11/2018) [in English].
Rothrock R.A., Kaplan, J. and Van Der Oord, F. (2018). The board's role in managing cybersecurity risks. MIT Sloan Management Review, 59(2), 12–5. 
Rusi, T. and Lehto, M. (2017). Cyber threats mega trends in cyber space, In: ICCWS- Proceedings of 12th the International Conference on Cyber Warfare and Security. Academic Conferences International. Dayton, United States, 02-03/03/2017 [in English].
Schatz, D., Bashroush, R. and Wall, J. (2017). Towards a more representative definition of cyber security. Journal of Digital Forensics, Security and Law, 12(2), 53–74.
Sekaran, U. and Bougie, R. (2006). Research Methods for Business A Skill-Building Approach. 6th Edition. New York: Wiley.
United Nations Office on Drugs and Crime (UNODC). (2013). Comprehensive Study on Cybercrime. Available at: https://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf (accessed on 10/02/2019) [in English].