Official government website of the Government of the Kingdom of Saudi Arabia

How to verify

Thursday, May 15, 2025

Beta version

عربي

Comments & Suggestions

For any inquiries or comments, please fill in the required information.

Loading, please wait...

Cybersecurity in the Kingdom

Cybersecurity is crucial to national resilience, trust, and economic growth in an interconnected world. Saudi Arabia is dedicated to securing its digital infrastructure through comprehensive strategies, cutting-edge technologies, and regulatory frameworks. These measures aim to protect citizens, businesses, and institutions from evolving threats while fostering awareness, capacity building, and global collaboration. By balancing innovation with strong safeguards, the Kingdom seeks to establish a resilient and secure digital ecosystem aligned with Vision 2030.

Share The Page

Policies and strategies

National Cybersecurity Strategy

The National Cybersecurity Authority (NCA) developed the National Cybersecurity Strategy to bolster Saudi Arabia's cybersecurity resilience, foster trust, and support national growth and prosperity. The strategy envisions a resilient, secure, and trusted cyberspace that promotes economic and societal development.

Grounded in six pillars - Unify, Manage, Assure, Defend, Partner, and Build - the strategy introduces an integrated cybersecurity framework aligned with international best practices. It focuses on:

Enhancing cybersecurity maturity.
Protecting networks, systems, and data.
Fostering awareness of cybersecurity responsibilities.
Promoting innovation through job creation, capability building, and research incentives.

The strategy delineates roles and responsibilities for government entities, the private sector, and both national and international communities. It establishes four national frameworks to achieve its goals: Risk Management, Information Sharing, Incident Response, and Capability Building.

Implementation spans five years across three tracks:

High-Return Projects: Immediate-impact initiatives to raise cybersecurity maturity.
Catalyst Program: Elevating cybersecurity standards across national organizations.
Long-Term Initiatives: Strategic projects with enduring national benefits.

By collaborating with stakeholders and under the NCA's leadership, Saudi Arabia is building a secure digital ecosystem that ensures growth and prosperity.

Legal and Regulatory Framework

Anti-Cyber Crime Law

Saudi Arabia's Anti-Cyber Crime Law, enacted in 2007 and revised in 2015, lays the foundation for combating cybercrime. The law addresses unauthorized access, data interference, fraud, and forgery while safeguarding users' rights, ensuring secure data exchange, and upholding public morals and privacy. This legislation is a cornerstone for securing the Kingdom's cyberspace.

Cybersecurity Controls

Complementing the legal framework, the NCA has introduced the Essential Cybersecurity Controls (ECC) to guide government entities and Critical National Infrastructure (CNI) organizations.

ECC-1: 2018: Established minimum cybersecurity requirements.
ECC-2: 2024: Updated to address emerging cyber threats with an expanded scope, enhanced controls, and alignment with international standards like the NIST Cybersecurity Framework and ISO/IEC 27001.

This revised framework expands its scope to include financial institutions and private entities hosting CNI, enhances controls to address emerging threats like ransomware and phishing, emphasizes risk management practices, and aligns with global standards such as the NIST Cybersecurity Framework and ISO/IEC 27001.

Please visit the NCA's website for additional details on cybersecurity policies, controls, frameworks, and guidelines.

Cybersecurity Regulatory Framework (telecommunication sector)

Aligned with the Telecommunications Act, the Communications, Space & Technology Commission (CST) developed a Cybersecurity Regulatory Framework (CRF) to enhance the cybersecurity maturity of Saudi Arabia's Information and Communications Technology (ICT) sector. The CRF establishes robust measures to safeguard public interest, protect user data, and secure telecommunications information. It also outlines specific cybersecurity requirements for Service Providers to meet minimum standards, while CNI entities must also adhere to the NCA's Essential Cybersecurity Controls.

Institutional Framework

National Cybersecurity Authority (NCA)

Established in 2017, the National Cybersecurity Authority (NCA) is the Kingdom's national authority for cybersecurity. Its mission includes safeguarding vital interests, critical infrastructure, and government services. While overseeing national cybersecurity frameworks, the NCA emphasizes that entities remain responsible for their own cybersecurity compliance.

Key Responsibilities:

Developing and implementing the national cybersecurity strategy.
Managing cybersecurity risks across critical infrastructure and priority sectors.
Operating national cybersecurity centers for monitoring, incident response, and information exchange.
Building national cybersecurity capacities through training, licensing, and professional standards.
Representing Saudi Arabia in global cybersecurity matters.
Promoting innovation and optimizing cybersecurity investments.

Saudi Computer Emergency Response Team (CERT)

As part of the NCA, the Saudi Computer Emergency Response Team (CERT) enhances cybersecurity awareness, issues warnings about emerging threats, and mitigates vulnerabilities. It also leads awareness campaigns, collaborates with global response teams, and provides timely resources.

For updates on security warnings or security awareness materials, visit the Saudi CERT website.

Haseen: National Portal for Cybersecurity Services

The Haseen National Portal empowers entities and individuals by providing state-of-the-art cybersecurity platforms. Its objectives include:

Strengthening national cybersecurity infrastructure.
Enabling entities to achieve their cybersecurity goals.
Optimizing government spending in cybersecurity.
Promoting local cybersecurity expertise.

Haseen offers 14 tailored services for public and private sector entities as well as individuals, fostering a comprehensive and resilient cybersecurity ecosystem.

National Programs and Initiatives

Saudi Federation for Cybersecurity, Programming and Drones

The Saudi Federation for Cybersecurity, Programming, and Drones (SAFCSP) is a national institution committed to empowering the workforce in cybersecurity, software development, drones, and advanced technologies. Its strategy is built on three pillars:

Inspiration: Inspiring innovators through initiatives and events.
Empowerment: Providing skills training, enabling tools, and investment opportunities.
Sustainability: Supporting employment and startup development for beneficiaries.

As part of its mission, SAFCSP organizes events, boot camps, and educational seminars to enhance cybersecurity skills and capacities across the Kingdom. It has also developed four key platforms:

BugBounty: Connecting ethical hackers with organizations to identify vulnerabilities.
CyberHub: Offering educational resources for cybersecurity learning.
Satr: Providing specialized programming courses.
CoderHub: Hosting challenges and competitions to foster innovation.

Through these efforts, the SAFCSP drives growth in Saudi Arabia's cybersecurity sector, fostering a skilled and innovative workforce.