Urbelis, AlexanderAlshuwaier, Abeer Abdulrahman2025-11-132025Alshuwaier, Abeer Abdulrahman (2025). Cybersecurity Governance for Critical Infrastructure in Finance and Energy: Bridging the Compliance–Readiness Gap between Saudi Arabia and the United States (OT/IoT, AI, and Post-Quantum Cryptography). Master’s Dissertation, King’s College London, Dickson Poon School of Law.https://hdl.handle.net/20.500.14154/76980This dissertation investigates how cybersecurity governance frameworks in Saudi Arabia and the United States address the protection of critical infrastructure in the finance and energy sectors. It highlights the regulatory and technical challenges arising from OT, IoT, AI, and post-quantum cryptography, comparing legal enforcement, agility, and readiness across both jurisdictions. The study proposes a strategic governance model for Saudi Arabia to enhance resilience, compliance, and quantum-era preparedness through integrated legal and technical oversight.This dissertation critically examines the cybersecurity governance of critical infrastructure in Saudi Arabia and the United States, focusing on the finance and energy sectors. It explores how regulatory compliance translates into operational readiness against emerging risks from Operational Technology (OT), Internet of Things (IoT), Artificial Intelligence (AI), and post-quantum cryptography (PQC). The research applies Digital Security Risk Management (DSRM), the Regulatory Governance and Collective Accountability (RGCA) model, and Calo’s framework on privacy harm to assess the effectiveness of each jurisdiction’s cybersecurity architecture. Through a comparative legal and policy analysis, it identifies systemic gaps that hinder resilience and proposes a governance roadmap for Saudi Arabia to strengthen sectoral coordination, enforce quantum-aware breach disclosure, and institutionalize PQC migration. Ultimately, the study argues that bridging the compliance–readiness gap requires integrated oversight between legal and technical domains, proactive threat modelling, and adaptive regulatory mechanisms that align with technological evolution and interdependent risk environments.88encritical infrastructureSaudi ArabiaCybersecurity governanceUnited Statesoperational technology (OT)Internet of Things (IoT)artificial intelligence (AI)post-quantum cryptography (PQC)regulatory compliancecyber readinessdata protection lawfinancial sectorenergy sectorrisk managementdigital resilienceThesis