The argument for local cybersecurity in Saudi Arabia

As the world has made a rapid shift to digital since the start of the COVID-19 pandemic, some countries have moved faster than others. Saudi Arabia stood out from the start as a nation with the drive to accelerate the rollout of digital services. According to the World Bank, Saudi “capitalised on its advanced infrastructure to spearhead innovation and ensure business continuity,” and the solutions that Saudi has developed to answer citizens’ needs have positioned the Kingdom as a leader of digital transformation. 

We’ve already written about some of the ways that Saudi has levelled up its digital services: from efficient digital healthcare provisions, to efforts by the King Abdullah University of Science and Technology (KAUST) to increase tech education and innovation in the region.  

At #LEAP22, Moataz Binali (AVP and MD at MEA, Trend Micro) said:

“The country has become a global hub for business, for trade, for investment, for transformations — including digital transformation. But we all know that with digital transformation comes the risk of cybersecurity.”

The growth of digital tech in Saudi and more widely in the Middle East has huge positive implications for the future of the region’s economy. Pwc’s recent Global Economic Crime and Fraud Survey 2022 gathered data from approximately 1,300 executives in 53 countries, and found that cybercrime is the biggest fraud threat that most businesses face right now.

Binali outlined the four pillars of Trend Micro’s strategy to protect technology in Saudi Arabia – and we think these pillars can be generalised to inform a nation-wide approach. 

1. Build a local presence for tech companies 

Binali announced that the Trend Micro Middle East and Africa headquarters was relocating to Riyadh – that new base opened just after #LEAP22, in February this year, and is now fully operational. 

This is part of a bigger picture: that when major tech companies have a strong local presence in Saudi Arabia, they’ll also invest in enhancing local security for digital solutions and services. 

And it’s happening: VC funding in Saudi surged more than 3X to USD $584 million in the first half of 2022 (surpassing the 2021 total before the end of June), with digital transformation the focus of much of that investment – and a record 88 investors funded Saudi startups, according to a report by startup data platform Magnitt. 

2. Drive cybersecurity development in the Middle East and Africa region

Part of having strong cybersecurity provisions in Saudi Arabia is about having that security in the region. Instead of relying on international security providers, Saudi needs local cybersecurity provisions that are tailored to the region and responsive to local policy and circumstances. 

To this end, Binali noted that Trend Micro is “launching a local cybersecurity datalink in Saudi Arabia,” providing solutions for network and cloud security and extended detection and response. 

One of the reasons this is so important is that local provisions can work in compliance with local laws instead of being governed by regulations from other regions. This is crucial right now, as Saudi is rolling out new cybersecurity and data laws to protect companies and citizens – like the Personal Data Protection Law (PDPL) that took effect on 23 March 2022. 

3. Increase tech and security resources 

Another of Trend Micro’s initiatives, Binali said, is to launch a new centre for excellence for cybersecurity resources – in order to give private and public organisations across the Kingdom access to expert advisory services that will support them in handling data and applying cybersecurity measures. This centre will include educational facilities, as well as meeting rooms and additional support for the company’s partners and clients. 

It’s a part of the third pillar that will help to protect tech in Saudi Arabia: increasing resources on the ground to ensure that local players can connect easily and efficiently with security solutions. 

4. Upskill cybersecurity knowledge and practice in the Middle East

Finally, all of the above will be improved and expanded only if there’s enough local knowledge to keep the ball rolling. Which is why as digital tech grows in the Middle East, it’s essential that the skilled cybersecurity workforce grows as well. 

Incubator programs will be key to building skill in this area. Trend Micro’s 2022 Middle East and North Africa certification program in IT security aims to give individuals the skills to launch their own careers in cybersecurity. The Saudi National Cybersecurity Authority (NCA) also launched an accelerator this year to improve cybersecurity measures for businesses; and Dubai-based incubator FasterCapital supports startups in the cybersecurity category too.

Programs like these will drive a growth in cybersecurity knowledge and skill that will enable the region’s security tech to keep up with the acceleration of wider digital tech. 

Why is cybersecurity important in the MENA region? 

Because digital transformation requires it. As Jesper Zerlang (CEO at LogPoint) wrote for Forbes, “Reliable and resilient digital transformation can only be achieved when it has a foundation of cybersecurity beneath it.” 

If cybersecurity gets left behind in the rush to digital then citizens, companies, and government institutions are all left exposed. And that will very quickly stall – or completely stop – the digital transformation, because cybercrime will rise and data will be vulnerable. 

Efficient, effective, and agile cybersecurity measures must be put in place. And they need to be applied in a way that works for local citizens, local practices, and local law.