Adoption of cybersecurity controls for the private sector in Saudi Arabia

The National Cybersecurity Authority announced the adoption of cybersecurity controls specifically designed for private sector entities that do not possess critical infrastructure. This strategic step aims to establish minimum levels of information and technological protection in private organizations, thereby mitigating the growing cyber risks stemming from internal and external threats, and ensuring the protection of digital assets and the confidentiality, integrity, and availability of information.
Towards a safe and sustainable digital environment
This decision comes within the framework of the Kingdom of Saudi Arabia's ongoing efforts to strengthen its position as a leading digital power regionally and globally, and is in line with the objectives of Vision 2030, which focuses on digital transformation as a fundamental pillar of development. Since its establishment, the National Cybersecurity Authority has been working to build a robust cybersecurity system that protects the vital interests of both the state and the private sector. Regulating the private sector and enhancing its cybersecurity readiness is a necessary step to close vulnerabilities that could be exploited by hostile actors, especially given the accelerating pace of reliance on modern technologies in conducting business.
Classifying entities under the cybersecurity controls
The cybersecurity controls apply to all targeted private sector entities according to classifications based on the size of the establishment and its revenues; the entities are divided into two main categories:
- The first category (large entities): establishments with more than 250 full-time employees or annual revenues exceeding 200 million Saudi Riyals. This category is subject to comprehensive controls commensurate with the complexity of its operations, comprising 3 main components, 22 sub-components, and 65 mandatory controls.
- The second category (small and medium-sized enterprises): entities with between 3 and 249 employees, or revenues between 3 million and 200 million riyals. This category is subject to requirements that align with its operational capacity, comprising one main component, 13 sub-components, and 26 mandatory controls.
Economic impact and boosting investor confidence
The impact of these controls extends beyond the technical realm to encompass significant economic dimensions. Adherence to these standards is expected to bolster confidence in the Saudi investment environment, as investors and international partners consistently seek secure working environments that protect their data and intellectual property. Furthermore, implementing these controls will mitigate financial losses resulting from cyberattacks and data breaches, thereby enhancing the efficiency of the national digital economy and safeguarding the reputation of Saudi companies in global markets.
Key areas of focus: people, procedures, and technology
The adopted controls are based on three main pillars to ensure comprehensive protection:
- The people pillar: training human resources and raising employee awareness of cyber risks, so that the human element is the first line of defense rather than the weakest link.
- The procedures pillar: establishing clear, documented policies and procedures that comply with local regulations and global practices, so that operations proceed securely.
- The technology pillar: using modern technological tools and solutions to continuously monitor systems and protect them from breaches.
Compliance mechanism and obtaining the accreditation certificate
To ensure compliance, the Authority has established a clear path to obtaining accreditation, beginning with the submission of a formal application accompanied by supporting documents, which is then evaluated within 90 working days. The regulations require accredited entities to maintain compliance levels throughout the accreditation period and to report any material changes or data breaches to the Authority. The Authority has also reserved the right to withdraw accreditation in cases of proven non-compliance or the provision of misleading information, while guaranteeing the entity's right to appeal and rectify its situation within a specified timeframe. This reflects a regulatory approach characterized by transparency and fairness.



