Securing Networks | Protecting Data | Since 2011
Cybercrime attacks could double over the next two years and cost Saudi Arabia’s economy up to SR30 billion
Dubai: Cybercrime attacks could double over the next two years and cost Saudi Arabia’s economy up to SR30 billion ($8 billion) by 2020, according to security experts who warn that the Kingdom is the most targeted country in the GCC for online fraudsters.
While Saudi Arabia is intensifying its fight against cybercrime, experts say the Kingdom must invest more heavily in training local security professionals, expanding its skilled workforce, and strengthening cybersecurity regulations to become more resilient against emerging threats.
“Based on our relationships with key Saudi clients, we see that cybercrime in Saudi Arabia is growing faster than in most countries worldwide, with more than a 35 percent increase in attacks over the past year,” said Simone Vernacchia, Partner for Digital, Cybersecurity, Resilience, and Infrastructure at PwC Middle East.
“From our experience in the GCC, Saudi Arabia is targeted more frequently, and the cost of cyberattacks is 6 to 8 percent higher than in the rest of the region. The Saudi economy presents a more attractive target for cyber attackers.”
Vernacchia noted that measuring the true direct and indirect costs of cybercrime is challenging. However, he estimated that losses from cyberattacks reached $3 to $4 billion (SR11.25 billion to SR15 billion) in 2018.
“Assuming growth is not disrupted by major external events, we expect the impact of cyberattacks to rise to $6 to $8 billion (SR22.5 billion to SR30 billion) by 2020,” he said. “Regional uncertainties could drive an even more aggressive surge in attacks.”
Vernacchia also highlighted a lack of commitment among organizations to invest in cybersecurity, urging businesses to allocate resources to both manpower and technology.
“Saudi Arabia is not completely unprepared, but most businesses invest far less in cybersecurity than their counterparts in leading countries,” he said. “On average, cybersecurity awareness and capability investment is about 60 percent lower than in comparable organizations elsewhere.”
He attributed this to limited regulatory requirements for private entities, which has led companies to prioritize short-term cost savings over protection against potentially devastating cyberattacks.
An increase in cybersecurity regulation could significantly curb the rise of attacks, Vernacchia added. “Limited regulation has two key effects: some businesses underestimate their exposure and fail to invest adequately, while others delay investment altogether, waiting for clearer regulatory guidance.”
Amir Kolahzadeh, CEO of cybersecurity firm ITSEC, said many Saudi-based businesses fail to recognize the long-term value of cybersecurity investments.
“Cybersecurity is often viewed as a line-item expense instead of being weighed against the true cost of a breach,” he said. “This mindset is a global issue, but it is more pronounced in the GCC due to a shortage of highly trained security professionals who can communicate risk in business terms.”
David Michaux of online security company Whispering Bell warned that as Saudi Arabia advances toward a knowledge-based economy, the potential for cyberattacks will continue to grow.
Saudi Arabia’s Vision 2030 aims to accelerate digitization through IT innovation, big data, smart cities, and cloud services. Additionally, Saudis rank among the world’s most active social media users and are the largest Twitter adopters in the Arab region.
Mathivanan V., Vice President at ManageEngine, acknowledged Saudi Arabia’s significant progress in cyber readiness, including the establishment of the National Authority of Cyber Security. However, he cautioned that sophisticated threats are evolving rapidly.
“A trained security professional cannot win the battle against cybercrime with knowledge alone,” he said. “They need the right tools to master the art of cybersecurity.”
James Lyne, Head of R&D at the SANS Institute, stressed the importance of aligning Saudi Arabia’s cybersecurity skills strategy with its ambitious digital agenda.
“Without that alignment, the Kingdom risks substantial attacks and reputational damage,” he said. “Saudi Arabia needs more cybersecurity practitioners, and existing professionals must continuously sharpen their skills.”
Lyne also emphasized that employee behavior remains a critical vulnerability. “Many breaches still exploit basic security failures. Education must be a core part of the solution. Everyone has a role in reducing clicks on malicious emails, attachments, and phishing links.”
While exact financial losses from cybercrime are difficult to quantify, Lyne concluded that even the visible portion is substantial.
“Saudi Arabia is already a major target. Given the success attackers have had, it is highly likely that more cybercriminals will follow.”
By Jennifer Bell, Arab News
© Arab News 2018. All rights reserved. Provided by SyndiGate Media Inc.
