Home / Regular Issue / JST Vol. 30 (3) Jul. 2022 / JST-3288-2021


Vulnerability of Saudi Private Sector Organisations to Cyber Threats and Methods to Reduce the Vulnerability

Emad Shafie

Pertanika Journal of Science & Technology, Volume 30, Issue 3, July 2022

DOI: https://doi.org/10.47836/pjst.30.3.08

Keywords: Awareness survey, computer security, database systems, quality improvement, Saudi Arabia

Published on: 25 May 2022

The Middle Eastern region has witnessed many cyber-attacks in recent years, especially in Saudi Arabia. Saudi Arabian organisations face problems anticipating, detecting, mitigating, or preventing cyber-attacks despite policies and regulations. The reasons for this have not been investigated adequately. This research aims to study the methods used to address cyber security issues in the private sector. A survey of IT managers of private organisations yielded 230 usable responses. The data were analysed for descriptive statistics and frequency estimations of responses, and the results are presented in this paper. Poor awareness of cyber security issues is reflected in the survey responses. The expenditure on cyber security, especially by large firms, was inadequate. There was a greater tendency to outsource many aspects of cyber security without concern about the risks. A very small percentage of IT managers considered the certainty of a cyber threat within the next year. It is important from the point of proactive strategies to prevent attacks. The findings highlight a lack of required knowledge and skills in performing their expected roles well. Additionally, many weaknesses have been detected in cyber security management in Saudi private organisations, and there is room to improve the quality of computer security systems. The published literature largely supported this. The findings from this study have implications for the stakeholders, especially IT managers working in the private sector of Saudi Arabia. The learnings from this study may be used to address the vulnerabilities identified. The findings clearly show the need to train IT managers of Saudi private organisations.

  • Abu‐Musa, A. A. (2006). Exploring perceived threats of CAIS in developing countries: The case of Saudi Arabia. Managerial Auditing Journal, 21(4), 387-407. https://doi.org/10.1108/02686900610661405

  • Ajmi, L., Alqahtani, N., Rahman, A. U., & Mahmud, M. (2019). A novel cybersecurity framework for countermeasure of sme’s in saudi arabia. In 2019 2nd International Conference on Computer Applications & Information Security (ICCAIS) (pp. 1-9). IEEE Publishing. https://doi.org/10.1109/CAIS.2019.8769470

  • Alarifi, A., Tootell, H., & Hyland, P. (2012). A study of information security awareness and practices in Saudi Arabia. In International Conference on Communications and Information Technology (ICCIT) (pp. 6-12). IEEE Publishing. https://doi.org/10.1109/ICCITechnol.2012.6285845

  • Al-Ghamdi, M. I. (In Press). Effects of knowledge of cyber security on prevention of attacks. Materials Today: Proceedings. https://doi.org/10.1016/j.matpr.2021.04.098

  • Al-Harethi, A. A., & Al-Amoodi, A. H. (2019). Organisational factors affecting information security management practices in private sector organisations. International Journal of Psychology and Cognitive Science, 5(1), 9-23.

  • AlMindeel, R., & Martins, J. T. (2020). Information security awareness in a developing country context: insights from the government sector in Saudi Arabia. Information Technology & People, 34(2), 770-788. https://doi.org/10.1108/itp-06-2019-0269

  • Almutairi, M. M., Halikias, G., & Yamin, M. (2020). An overview of security management in Saudi Arabia. In 7th International Conference on Computing for Sustainable Global Development (INDIACom) (pp. 261-265). IEEE Publishing. https://doi.org/10.23919/INDIACom49435.2020.9083725

  • Alnatheer, M., & Nelson, K. (2009, December 1-3). Proposed framework for understanding information security culture and practices in the Saudi context. In Proceedings of the 7th Australian Information Security Management Conference (pp. 6-12). Queensland University of Technology, Perth, Western Australia. https://doi.org/10.4225/75/579850d331b4d

  • Alotaibi, F. F. (2019). Evaluation and enhancement of public cyber security awareness (PhD Thesis). University of Plymouth, England. https://pearl.plymouth.ac.uk/bitstream/handle/10026.1/14209/2019ALOTAIBI10392328PhD.pdf?sequence=1

  • Alotaibi, F., Furnell, S., Stengel, I., & Papadaki, M. (2016). A survey of cyber-security awareness in Saudi Arabia. In 11th International Conference for Internet Technology and Secured Transactions (ICITST) (pp. 154-158). IEEE Publishing. https://doi.org/10.1109/ICITST.2016.7856687

  • Alshammari, T., & Singh, H. (2018). Preparedness of Saudi Arabia to defend against cyber crimes: An assessment with reference to anti-cyber crime law and GCI index. Archives of Business Research, 6, 131-146. https://doi.org/10.14738/abr.612.5771.

  • Alsmadi, I., & Zarour, M. (2018). Cybersecurity programs in Saudi Arabia: Issues and recommendations. In 1st International Conference on Computer Applications & Information Security (ICCAIS) (pp. 1-5). IEEE Publishing. https://doi.org/10.1109/ICIT52682.2021.9491711

  • Alzahrani, A., & Alomar, K. (2016). Information security issues and threats in Saudi Arabia: A research survey. International Journal of Computer Science Issues, 13(6), 129-135. https://doi.org/10.20943/01201606.129135

  • Alzamil, Z. A. (2018). Information security practice in Saudi Arabia: Case study on Saudi organisations. Information & Computer Security, 26(5), 568-583. https://doi.org/10.1108/ICS-01-2018-0006

  • Alzubaidi, A. (2021). Measuring the level of cyber-security awareness for cybercrime in Saudi Arabia. Heliyon, 7(1), Article e06016. https://doi.org/10.1016/j.heliyon.2021.e06016

  • Basamh, S. S., Qudaih, H. A., & Ibrahim, J. B. (2014). An overview on cyber security awareness in Muslim countries. International Journal of Information and Communication Technology, 4(1), 21-24.

  • Elnaim, B. (2013). Cyber crime in Kingdom of Saudi Arabia: The threat today and the expected future. Information and Knowledge Management, 3(12), 14-19.

  • GMI. (2021). Saudi Arabia social media statistics 2021. Global Media Insight. https://www.globalmediainsight.com/blog/saudi-arabia-social-media-statistics/

  • Hawdon, J. (2021). Cybercrime: Victimization, perpetration, and techniques. American Journal of Criminal Justice, 46, 837-842. https://doi.org/10.1007/s12103-021-09652-7

  • Hofstede, G. (2019). National culture. Hofstede Insights. https://www.hofstede-insights.com/models/national-culture/

  • Hydrocarbon Processing. (2020). Saudi Aramco sees increase in attempted cyber-attacks. Hydrocarbon Processing. https://www.hydrocarbonprocessing.com/news/2020/02/saudi-aramco-sees-increase-in-attempted-cyber-attacks#:~:text=Aramco%2C%20which%20pumps%2010%25%20of,at%20the%20biggest%20OPEC%20exporter

  • ITU. (2021). Measuring digital development facts and figures 2021. International Telecommunication Union. https://www.itu.int/en/ITU-D/Statistics/Documents/facts/FactsFigures2021.pdf

  • Perlroth, N., & Krauss, C. (2018, March 15). A cyberattack in Saudi Arabia had a deadly goal. Experts fear another try. The New York Times: https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html

  • Quadri, A., & Khan, M. K. (2019). Cybersecurity challenges of the Kingdom of Saudi Arabia: Past, present and future. Global Foundation for Cyber Studies and Research.

  • SAMA. (2017). Cyber security framework. Saudi Arabian Monetary Authority. https://www.sama.gov.sa/en-US/Laws/BankingRules/SAMA%20Cyber%20Security%20Framework.pdf

  • Stock, J. (2020). INTERPOL report shows alarming rate of cyberattacks during COVID-19. Interpol. https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-report-shows-alarming-rate-of-cyberattacks-during-COVID-19

  • Talib, A. M., Alomary, F. O., Alwadi, H. F., & Albusayli, R. R. (2018). Ontology-based cyber security policy implementation in Saudi Arabia. Journal of Information Security, 9(4), Article 88030. https://doi.org/10.4236/jis.2018.94021

  • The Global Statistics. (2022). Saudi Arabia social media statistics 2021: Internet & mobile statistics. The Global Statistics. https://www.theglobalstatistics.com/saudi-arabia-social-media-users/

  • Wright, B., & Allan, K. (2020). Saudi CIOs consider security their toughest tech challenge. IDG Communications Inc. https://www.cio.com/article/3445225/saudi-arabias-cybersecurity-concerns-increase-as-threats-evolve.html

ISSN 0128-7702

e-ISSN 2231-8534

Article ID


Download Full Article PDF

Share this article

Recent Articles