Phishing major cybersecurity threat in Saudi Arabia in 2024: Report

Phishing is a significant cybersecurity threat in Saudi Arabia, with a majority of survey respondents experiencing phishing attacks, according to a report released by British security software and hardware company Sophos.

The Kingdom of Saudi Arabia (KSA) Cybersecurity Awareness survey 2024 was conducted by Ken Research among 300 IT experts based in Saudi Arabia in December 2024 and January 2025.

According to the report, 74 percent of respondents experienced phishing attacks, indicating a need for enhanced email security and employee training.

In addition, the survey listed ransomware (49 percent) as the second most common cybersecurity concern, with 42 percent of organizations lacking formal response plans.

This highlights the need for stronger preparedness to effectively mitigate and respond to ransomware incidents, the report said.

Phishing has become a significant threat in Saudi Arabia, with a surge in malware delivery through malicious email attachments and advanced spear phishing attacks, according to the report.

The advent of AI-powered phishing campaigns has further escalated the risk, making traditional defenses like employee training insufficient.

“Today’s threat landscape is continually evolving, growing more severe and complex, particularly in regions like Saudi Arabia, where digital transformation is rapidly advancing, there is an urgent need to heighten cybersecurity awareness and preparedness,” Chester Wisniewski, global field CTO at Sophos, said in a statement.

“Cybercriminals operate without regard for international borders, and our defenses must adapt accordingly. While ransomware attack rates have declined over the past two years, the impact on victims has increased. To combat these persistent threats, organizations in the Kingdom and beyond must adopt a proactive, human-led approach to threat detection and response, leveraging advanced technology and continuous monitoring to stay ahead of attackers.”

AI-powered tools

According to the survey, 59 percent of the respondents also utilize Artificial Intelligence (AI) tools for cybersecurity.
AI has revolutionized the way IT security professionals think about cybersecurity.

Advanced AI-powered tools and systems enhance data protection by rapidly identifying behavioral patterns, automating processes, and detecting anomalies providing stronger defenses against emerging threats.

Employee training and awareness rank as the most effective AI application across various organizations, followed by threat detection and risk analysis as the second and third most impactful measures supporting cybersecurity efforts.

AI still requires human intervention for training and correcting mistakes, and a growing concern is the potential for hackers to exploit AI for malicious purposes, such as generating phishing emails and developing malware.

In larger organizations with more than 500 employees, 55 percent of employees said they are “very concerned” about AI-powered attacks, compared to 33 percent in medium-sized and 11 percent in smaller organizations.

The rapid pace of innovation in the cybersecurity landscape makes it challenging for organizations to be prepared for evolving threats and implement cyber controls designed to counter them.

Larger organizations – 76 percent of the respondents with in-house expertise – are better equipped to manage risks, while smaller ones (21 percent) often lack the resources, making them more vulnerable to attacks.

Thirty-five percent of the respondents stated that the most cited skill gaps are in AI/Machine Learning in cybersecurity followed by cloud security with 25 percent.

Across all organizations, quarterly training remains uncommon, with only 12 percent in medium organizations and 19 percent in large organizations adopting this frequency.