A global study revealed that 94% of organisations across Europe, the Middle East, and Africa (EMEA) believe that increasing cybersecurity awareness among employees would directly reduce cyber incidents, highlighting the growing importance of the human factor in protecting digital systems and building a security-first organisational culture that supports sustainable digital transformation.
The survey, conducted by Fortinet, the global cybersecurity leader driving the convergence of networking and security, which included 500 senior IT and cybersecurity decision-makers across EMEA, shows that organisations in Saudi Arabia and across EMEA are intensifying their focus on cybersecurity awareness programmes to strengthen workforce readiness against evolving threats, particularly those driven by artificial intelligence ( AI).
This shift aligns with the objectives of Vision 2030, which aims to enhance digital innovation, protect data, and build advanced national cybersecurity capabilities, ensuring a secure and resilient digital environment.
AI-driven threats
The study indicated that the growing reliance on advanced technologies—especially AI—has reshaped cybersecurity strategies. Around 81% of respondents confirmed that AI-driven attacks have increased the perceived importance of cybersecurity awareness training among employees.
Additionally, 93% of organisations have implemented or are in the process of researching or implementing policies governing the use of generative AI tools, while 96% either have or are in the process of researching or implementing measures to test and validate the security of these technologies, including large language models (LLMs).
Training impact
Regarding the effectiveness of awareness programmes, the study found that organisations implementing structured cybersecurity training programmes are achieving tangible results. About 65% of respondents reported a moderate to significant reduction in cyber incidents, while 94% confirmed an improvement in their overall security posture within their organisations.
Phishing simulation exercises emerged as one of the most effective training tools, adopted by 69% of organisations to enhance employees’ ability to detect and respond to threats.
These programmes also help embed a “security-first” culture within organisations, improving employee readiness and reducing cyber risks.
Digital priorities
In terms of training priorities, data security (49%) and data privacy (42%) ranked highest, followed by AI-related threats (38%), which are receiving increasing attention.
Around 50% of organisations are actively training employees on the safe and responsible use of generative AI technologies, while 51% have implemented technical controls to prevent sensitive data leakage.
Empowering employees
In this context, Sami AlShwairakh, Regional VP for Saudi Arabia at Fortinet, stated: “With cyber threats becoming increasingly complex in the age of AI, Saudi Arabia is well-positioned to lead the region in building a secure and safer digital future due to its strong regulatory footing, a big focus on local skills development and extensive investment in digital infrastructure. The findings reinforce that alongside technology investments, empowering employees through continuous cybersecurity education will be key to safeguarding the Kingdom’s digital transformation journey.”
Executive leadership
The findings also highlighted the crucial role of executive leadership in supporting cybersecurity training initiatives. About 93% of respondents confirmed direct support from leadership, while IT and cybersecurity departments manage the operational aspects of these programmes.
In terms of content quality, 76% of organisations have adopted structured training programmes, and 84% offer customised programmes tailored to specific employee groups.
Resource challenges
Despite this progress, challenges remain. Around 67% of respondents believe employees still lack sufficient cybersecurity knowledge, while 32% pointed to a gap between theoretical knowledge and actual behavior in the workplace.
The shortage of skilled talent is another key obstacle, with 28% of organisations attributing delays in implementing awareness programmes to a lack of qualified personnel.
Sustainable awareness
As a result, there is a growing need for continuous and updated cybersecurity awareness and training programmes—especially as AI-driven threats evolve and insider risks increase. Organisations must also address factors that may reduce programme effectiveness, such as low training completion rates and outdated content.
Future outlook
The study concluded that the next phase requires integrating cybersecurity training into enterprise risk management frameworks, positioning it as a core component of sustainable digital security rather than a secondary initiative.
It also emphasised that the effectiveness of awareness programmes depends on continuity, regular content updates, and impact measurement—reinforcing cybersecurity as a key enabler of growth in the digital economy.
Discussion about this post