Saudi Arabia releases cyber security guidelines

Saudi Arabia’s NCA (National Cybersecurity Authority) has issued guidelines to help organisations in the kingdom improve their information security practices. 

The rules apply to various national agencies, and are based on “five core components of governance”, according to the Saudi Gazette. We’re are led to believe that it follows the essentials of ISO 27001, the international standard for information security. 

The Standard is widely used in the Middle East, so organisations that take information security seriously shouldn’t have much to worry about with these new rules. The 2017 ISO Survey found that 923 organisations in the region had certified to ISO 27001, and there are almost certainly many more that use it as a framework but haven’t certified. 

We’d like to see more organisations certify to the Standard (there are plenty of reasons to), but you can be assured that you’re doing everything you can to prevent a data breach as long as you’re following its framework. 

What is the NCA? 

The NCA was set up in November 2017 to help organisations in Saudi Arabia protect their data, systems and information. It also aims to improve online security for companies and individuals. 

It’s chaired by the minister of the state, Musaed Al-Aiban, and linked to the office of the king. 

One year into the NCA’s existence and there are positive signs about its effectiveness. The guidelines it has released follow an agreement with the Ministry of Education to allocate 1,000 cyber security-related scholarships and a 10% increase in ISO 27001 certifications since 2016. However, as with every country, the threat of cyber crime looms and there are fears of a large-scale breach. 

Earlier this year, Simone Vernacchia, a partner in digital, cyber security, resilience and infrastructure for PwC Middle East, told Arab News: “[W]e see that cybercrime in Saudi is growing faster than in most of the countries in the world, with more than a 35 percent increase in the number of attacks during the past year.” 

He added: “Saudi is being targeted more frequently, and the cost of cyberattacks is 6 to 8 percent higher than in the rest of the GCC countries. The Saudi economy provides a more appealing target for cyberattackers.” 

Subscribe to the Daily Sentinel for all the latest cyber security news and advice. 


Online exclusive offer: Save 10% when you book online for the Lead Auditor course in Dubai