Measuring the Cybersecurity behaviour among Organizations' Employees in Saudi Arabia

Abstract

Saudi Arabia is among the most targeted nations globally by cyberattacks. The rising number of these threats highlights the necessity for employees to understand how to identify and mitigate such risks. The present study aims to assess employees' behaviours of cybersecurity risks and identify the knowledge gaps within an organization in Saudi Arabia. The study is divided into two stages: a phishing simulation with 28 employees and surveys with 25 employees from the selected organization. The findings of the conducted phishing test were that 78% of the employees opened the contained phishing email, while 67% clicked the link and entered personal details. The interviews revealed severe gaps in identifying phishing signs and the absence of preventive measures against cyber threats. Many admitted to not paying attention to suspicious behaviours, and the majority stated they had no idea about the features of phishing. Moreover, a significant sample had no cybersecurity training; this aspect was evident since a high percentage were victims of a phishing attack. The study concludes that there is a need for effective security awareness presentations in the form of continuous and interactive training. This forms the basis of the research; whereby strong trends reveal the importance of developing an adequate cybersecurity culture that makes employees of an organization competent in identifying all potential threats and acting on them to boost the security of that organization.