The Kingdom of Saudi Arabia has been a pioneer globally in terms of cybersecurity, with privacy frameworks and regulations aligned to the country’s national cybersecurity strategy and Vision 2030 blueprint.

The nationwide drive to enhance security maturity has been an apt response to the risks posed by cybersecurity threats, unlike most other countries where the drive often lacks intent, context, implementation, and impact. However, with advancements in technology, we believe we are at a reflection point where organizations will re-examine their cybersecurity strategies.

Organizations will move away from providing stringent or restrictive policies to focus on enabling their businesses in their digital transformation journeys and adoption of AI. This will involve building agility, optimization, and cyber-resilience into their strategies. There will be multiple initiatives aimed at aligning architectures to zero trust and ensuring that security by design and privacy by design are inbuilt into technology and AI solutions.

AI is already being adopted by various organizations and is a strategic priority for most. The adoption of AI, like we saw with cloud, is inevitable and this will introduce new risks around ethics, governance, privacy, and security. In such a scenario, security and privacy teams will need to create awareness, analyze the risks around the specific AI models adopted, and ensure they build controls around lower-risk AI models — in other words, be agile enough to ensure they don’t block AI initiatives, since that works against the business.

Similarly, we need to re-assess the effectiveness of the controls/technologies implemented to determine whether they are delivering value to the business. This is the time when organizations should launch optimization projects that bring higher levels of efficiency to their processes and technology.

Further to these priorities, a fundamental is that it’s not possible to prevent 100% of attacks; however, what we have in our span of control is the ability to bounce back following an incident to ensure minimum disruption or downtime. It’s important to focus on cyber-resilience to provide more comfort to stakeholders.

We expect organizations will launch multiple initiatives to enhance their security strategies so that they align with the above priorities.