Riyadh: New findings from the Security Awareness and Training 2025 Global Research Survey conducted by Fortinet, the global cybersecurity leader driving the convergence of networking and security, that included 500 senior IT and cybersecurity decision-makers across EMEA, reveals that organizations in Saudi Arabia and across the region are intensifying their focus on cybersecurity awareness as Artificial Intelligence (AI) driven threats continue to evolve.

The research highlights how the rapid adoption of advanced technologies including artificial intelligence, is reshaping cybersecurity strategies in line with Saudi Arabia’s Vision 2030 ambitions for a secure and resilient digital economy.

AI-Driven Threats Reinforce Urgency for Awareness

As organizations accelerate digital transformation, the growing sophistication of AI-powered cyber threats is driving greater emphasis on employee preparedness. The study found that 81% of surveyed organizations in the EMEA survey say AI-driven attacks have increased the perceived importance of cybersecurity awareness training among employees.

Reflecting this shift, 93% of organizations in the EMEA survey sample have already implemented or are in the process of researching or implementing policies governing the use of generative AI tools. At the same time, 96% either have or are in the process of researching or implementing measures to test and validate the security of deployed AI and large language model (LLM) tools.

Supporting Vision 2030 Through Cyber Resilience

Saudi Arabia’s Vision 2030 places strong emphasis on digital innovation, data protection, and national cybersecurity capabilities. The findings underscore that strengthening human-centric security through awareness and training is\ a critical pillar in supporting these national priorities.

An overwhelming 94% of decision-makers in the EMEA survey believe that increasing cybersecurity awareness among employees would directly reduce cyber incidents, highlighting the importance of building a security-first culture across organizations.

Progress Made, But Awareness Gaps Remain

Despite strong momentum, the research points to ongoing challenges. Around 67% of organizations in the EMEA survey sample believe employees still lack sufficient knowledge when it comes to cybersecurity awareness, while 32% note that employees do not always translate knowledge into secure behavior.

This highlights the need for more targeted, continuous training programs to complement the Kingdom’s broader investments in cybersecurity infrastructure and regulation.

Organizations See Tangible Security Gains

Organizations that have implemented structured awareness programs are already seeing measurable benefits. Approximately 65% of the EMEA survey participants report moderate to significant reductions in cyber incidents since implementing training, while 94% indicate at least some improvements in their overall security posture. Phishing simulations remain a key component, with 69% of organizations actively running such campaigns to strengthen employee readiness against real-world threats.

Data Protection and AI Security Lead Training Priorities

In line with Saudi Arabia’s focus on data sovereignty and digital trust, organizations rank data security (49%) and data privacy (42%) as their top training priorities. AI-related threats (38%) are also emerging as a key area of focus.

Half of organizations are now training employees on the responsible use of generative AI tools, while 51% have implemented controls to prevent the exposure of sensitive information.

Leadership Driving Cybersecurity Culture

Strong leadership engagement is accelerating progress, with 93% of respondents confirming executive support for security awareness initiatives. IT and security leaders continue to play a central role in championing these efforts.

Organizations are also advancing program maturity, with 76% adopting structured training campaigns and 84% delivering tailored training for specific employee groups.

Addressing Resource and Talent Challenges

As Saudi Arabia continues to expand its digital economy, talent and resource constraints remain a challenge. Among organizations that delayed implementing awareness programs, 28% EMEA respondents cited personnel limitations as the primary barrier.

Addressing these gaps will be essential to sustaining momentum and ensuring long-term cybersecurity resilience.

What This Means for 2026 and Beyond

The data is straightforward. Security awareness training reduces incidents. And organizations that invest in it and measure it see real results. But AI is accelerating both attacker capabilities and business adoption. At the same time, insider risk is growing. And too many programs still lose impact because of low completion rates or outdated content.

To be effective, training must be continuous, relevant, and treated as a core risk management control, not a side project.

Speaking on the subject, Sami AlShwairakh, Regional VP for Saudi Arabia at Fortinet,  commented: “With cyber threats becoming increasingly complex in the age of AI, Saudi Arabia is well-positioned to lead the region in building a secure and safer digital future due to its strong regulatory footing, a big focus on local skills development and extensive investment in digital infrastructure. The findings reinforce that alongside technology investments, empowering employees through continuous cybersecurity education will be key to safeguarding the Kingdom’s digital transformation journey.”

About Fortinet
Fortinet is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere our customers need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with esteemed organizations from both the public and private sectors, including Computer Emergency Response Teams (“CERTS”), government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.