An Impressive 93% of Organizations in KSA Leverage AI in Strengthening Security Strategies, yet Cybersecurity Complexity and Skills Availability Remain a Challenge

 According to Cisco’s 2025 Cybersecurity Readiness Index, a total of 25% of organizations in Saudi Arabia have achieved the 'Mature' or ‘Progressive’ levels of readiness required to effectively withstand today’s cybersecurity threats. This represents an improvement from last year's Index, however further efforts are required to address cybersecurity preparedness as hyperconnectivity and AI introduce new complexities for security practitioners.

AI is revolutionizing security and escalating threat levels, with 91% of organizations in the Kingdom having faced AI-related incidents last year. However, only 61% of respondents are confident their employees fully understand AI-related cybersecurity threats, and only 51% believe their teams fully grasp how malicious actors are using AI to execute sophisticated attacks. This awareness gap leaves organizations critically exposed.

AI is compounding an already challenging threat landscape. In the last year, over half of organisations (52%) suffered cyberattacks, hindered by complex security frameworks with siloed point solutions. The top three types of cybersecurity incidents include malware (76%), phishing attacks (62%), and data breaches by malicious actors (45%). Ransomware attacks were mentioned by 39% of respondents.  

"The cybersecurity threat landscape has never been more dynamic and complex, with adversaries launching sophisticated attacks and exploits against businesses," said Salman Faqeeh, Managing Director, Cisco Saudi Arabia. "As the Kingdom continues to accelerate its digital transformation and adopt advanced technologies across industries, the need for more robust, proactive, and AI-driven cybersecurity measures has never been greater. Cisco is committed to supporting Saudi Arabia's vision, by helping organizations strengthen their digital resilience and safeguard against emerging threats. Preparedness remains the critical foundation."

The Index evaluates companies’ readiness across five pillars – Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification – and encompasses 31 solutions and capabilities. Based on a double-blind survey of 8,000 private sector security and business leaders in 30 global markets, including 200 in Saudi Arabia, respondents detailed their deployment stages for each solution. Companies were then categorized into four readiness stages: Beginner, Formative, Progressive, and Mature.

Findings

Cybersecurity preparedness in Saudi Arabia remains alarmingly low, especially as 72% of respondents anticipate business disruptions from cyber incidents within the next 12 to 24 months. Further: 

• AI's Expanding Role in Cybersecurity: An impressive 93% of organizations use AI to better understand threats, 92% for threat detection, and 78% for response, underscoring AI's vital role in strengthening cybersecurity strategies.
• Generative AI (GenAI) Deployment Risks: GenAI tools are widely adopted, with 50% of employees using approved third-party tools. However, 28% have unrestricted access to public GenAI, and 50% of IT teams are unaware of employee interactions with GenAI, underscoring major oversight challenges.
• Shadow AI Concerns: 39% of organizations lack confidence in detecting unregulated AI deployments, or shadow AI, posing significant cybersecurity and data privacy risks.
• Unmanaged Device Vulnerability: Within hybrid work models, 89% of organizations face increased security risks as employees access networks from unmanaged devices. This is exacerbated by using unapproved Gen AI tools.
• Investment Priorities Shift: While almost all (98%) organizations plan to upgrade their IT infrastructure in the next 12-24 months, only 8% allocate more than 20% of their IT budget to cybersecurity. This finding suggests an opportunity for enhanced investment in comprehensive defense strategies, as the pace of threats continues to rise.
• Complex Security Postures: Over four in five (84%) organizations report that their complex security infrastructures, dominated by the deployment of more than 10 point security solutions, are hampering their ability to respond to threats swiftly and effectively.
• Talent Availability Impedes Progress: A staggering 93% of respondents identify the shortage of skilled cybersecurity professionals as a major challenge, with 57% reporting more than 10 positions to fill.

To tackle today’s cybersecurity challenges, organizations in Saudi Arabia must invest in AI-driven solutions, simplify security infrastructures, and enhance AI threat awareness. Prioritizing AI for threat detection, response, and recovery is essential, as is addressing talent shortages and mitigating risks from unmanaged devices and shadow AI.