Why Saudi’s digital future rests on new kinds of leadership

Securing the Digital Kingdom

  • Blog
  • 2 minute read
  • June 19, 2025
Samer Omar

Samer Omar

Cybersecurity & Digital Trust Leader, PwC Middle East

This was previously published on Consultancy-me.com

In a country reimagining the future at unprecedented scale, cybersecurity is no longer confined to server rooms and security dashboards. It’s at the heart of boardroom discussions. It underpins the trust between governments and citizens, banks and customers, service providers and everyday users.

As Saudi Arabia surges forward with Vision 2030, redefining what it means to build smart cities, transform economies, and deliver digital-first public services, the race is on to secure this digital momentum.

And the stakes couldn’t be higher. “Cybersecurity is no longer just a technical issue; it’s central to national progress,” says Samer Omar, Cybersecurity & Digital Trust Leader at PwC. “As Saudi Arabia transforms, the CISO500 programme is enabling a new generation of leaders to manage risk, drive resilience, and protect value. This is about building trusted leadership at the heart of the Kingdom’s digital future.”

Omar’s words arrive at a time when nearly every sector in the Kingdom, from finance to healthcare, energy to entertainment, is undergoing radical reinvention. With that reinvention comes a broader, more complex digital attack surface. AI, IoT, and operational technologies are interwoven into core infrastructure. And while these technologies accelerate innovation, they also amplify exposure.

“Saudi Arabia’s giga-projects and smart city initiatives are being powered by emerging technologies, but these also expand the risk landscape,” Omar explains. “We’re seeing more IT, OT and IoT assets across industries, which means the speed, sophistication, and frequency of cyber threats are rising exponentially. The answer isn’t just more tools; it’s better leadership.”

CISO500 programme

Enter the CISO500 programme, an initiative launched by PwC and sirar by stc, aiming to equip 500 cybersecurity leaders across the Kingdom with not just technical training, but strategic fluency and executive presence. The programme’s first cohort of 19 Saudi professionals, selected from over 1,000 applicants, represents the kind of cross-sector alignment needed to defend an increasingly connected nation.

Participants came from critical industries, including banking, energy, healthcare, real estate, and public sector entities.

The programme not just about certification but about transformation. Over five days, participants immersed themselves in real-world scenarios and collaborative workshops spanning cyber resilience, governance, risk, AI security, and data privacy. The goal: to reshape the CISO’s role from operational gatekeeper to enterprise trust ambassador.

And that shift couldn’t come at a more critical moment. Recent figures from PwC show that 87% of Saudi organisations plan to adopt generative AI in their cyber defences this year, a welcome advancement, but one that raises fresh questions around governance, ethics, and adversarial AI. As cyber attackers themselves begin to weaponise AI, organisations must walk a fine line between innovation and risk.

“AI is both a shield and a sword,” says Omar. “While it can amplify cyber defences, it also gives adversaries new tools to breach systems faster and more intelligently. The challenge is to embed AI responsibly, with proper governance, data integrity, and security protocols from the start.”

A business enabler

Cybersecurity, he insists, must now be seen as a business enabler. Not a roadblock. Not a checklist. But a critical lever to build trust, ensure continuity, and unlock the Kingdom’s full digital potential.

In many ways, digital trust has become the new currency. It determines how citizens engage with public services, how customers choose brands, and how investors assess risk. But trust, once lost, is not easily regained. “It only takes a single ransomware attack or data breach to erode years of credibility,” Omar states. “That’s why progressive organisations are elevating cyber, privacy and resilience as strategic imperatives, tightly interlinked and embedded across functions.”

The talent imperative

But what about the people behind the firewalls? With global demand for cybersecurity talent at an all-time high, Saudi Arabia is grappling with its own skills gap, especially as digital transformation outpaces traditional talent pipelines. The CISO500 aims to help bridge this by fostering local expertise, mentoring future leaders, and supporting women’s participation, already 32% of the national cyber workforce.

Still, Omar believes more needs to be done.

“We must stop viewing cybersecurity talent as a subset of IT,” he says. “These are leaders who require a distinct skill set: technical, yes, but also business acumen, emotional intelligence, and the ability to communicate risk in ways boards understand. That requires new training models, new operating frameworks, and new incentives to attract and retain the best.”

And while AI will help automate certain tasks, Omar is clear that machines cannot replace human judgment, ethical reasoning, or cross-functional leadership.

What’s emerging in Saudi Arabia is a new blueprint, one where cybersecurity is interwoven into the nation’s growth story. One where trust is designed into every system, every service, every citizen touchpoint. And one where cyber leaders are not just protectors of infrastructure, but stewards of national momentum.

“We are not just preparing for the threats of today,” Omar concludes. “We are building the leadership instinct to anticipate what’s next, and act with confidence, at pace, and with purpose.”

Contact us

Jade Hopkins

Middle East Marketing & Communications Leader, PwC Middle East

PR Team

Get in touch with the PR team, PwC Middle East

We unite expertise and tech so you can outthink, outpace and outperform
See how
Follow us