Vulnerability of Saudi Private Sector Organisations to Cyber Threats and Methods to Reduce the Vulnerability

Abstract

The Middle Eastern region has witnessed many cyber-attacks in recent years, especially in Saudi Arabia. Saudi Arabian organisations face problems anticipating, detecting, mitigating, or preventing cyber-attacks despite policies and regulations. The reasons for this have not been investigated adequately. This research aims to study the methods used to address cyber security issues in the private sector. A survey of IT managers of private organisations yielded 230 usable responses. The data were analysed for descriptive statistics and frequency estimations of responses, and the results are presented in this paper. Poor awareness of cyber security issues is reflected in the survey responses. The expenditure on cyber security, especially by large firms, was inadequate. There was a greater tendency to outsource many aspects of cyber security without concern about the risks. A very small percentage of IT managers considered the certainty of a cyber threat within the next year. It is important from the point of proactive strategies to prevent attacks. The findings highlight a lack of required knowledge and skills in performing their expected roles well. Additionally, many weaknesses have been detected in cyber security management in Saudi private organisations, and there is room to improve the quality of computer security systems. The published literature largely supported this. The findings from this study have implications for the stakeholders, especially IT managers working in the private sector of Saudi Arabia. The learnings from this study may be used to address the vulnerabilities identified. The findings clearly show the need to train IT managers of Saudi private organisations.