ALKHOBAR: Saudi Arabia’s cybersecurity landscape is undergoing a structural shift as artificial intelligence moves from supporting compliance processes to actively shaping how organizations manage risk in real time.

Across industries, governance, risk, and compliance — or GRC — is no longer treated as a periodic function. Instead, it is becoming a continuous operational layer embedded into daily workflows.

“Most organizations still treated governance and compliance as periodic, audit-led exercises, even as cyber risk and regulation were changing in real time,” said Jamal M. Labani, co-founder and CEO of Solidrange.

“We wanted to make compliance continuous rather than episodic.”

The shift comes as cyberthreats intensify alongside rapid digital adoption. Saudi Arabia has also increased its focus on cybersecurity as part of its broader digital transformation agenda under Vision 2030.

According to IBM’s Cost of a Data Breach Report 2024, the average cost of a data breach in the Middle East reached $8.75 million, well above the global average.

For years, compliance depended on manual processes, with organizations collecting evidence, assessing controls, and producing reports at fixed intervals. That model is now being replaced.

“What we are building is AI-native employees taking on governance, risk, and security work at scale, while people remain firmly responsible for oversight and decisions,” Labani said.

Rather than reacting after incidents occur, AI systems are increasingly embedded into operational workflows, continuously monitoring risks and enforcing controls.

“We see real AI deployment where it is built into daily operations, not packaged as a marketing feature,” he said.

 

 

These systems are already being used for evidence collection, phishing simulations, risk detection, and compliance workflows, reducing manual workloads and enabling faster responses.

The integration of AI is also reshaping how governance itself is viewed.

“Augmented governance means governance is no longer something managed through paperwork or revisited mainly during audits,” Labani said.

“It becomes part of daily operations, with continuous visibility into controls, risks, and obligations.”

The transition gives organizations real-time insight into risk exposure, allowing them to respond before issues escalate. In heavily regulated sectors, where compliance requirements continue to grow more complex, the shift is becoming increasingly necessary.

As AI takes on a larger operational role, accountability is emerging as a central concern.

“AI adds value by taking on repetitive work, surfacing issues earlier, and giving teams better visibility across the organization,” Labani said.

“But accountability must stay clearly human, with defined ownership, approvals, and audit trails.”

 

 

He warned that the challenge lies less in the technology itself and more in how organizations implement it.

“One of the biggest mistakes is treating AI as a shortcut rather than building it on strong processes, clear ownership, and reliable data,” he said.

Organizations that fail to establish proper governance around AI risk creating new vulnerabilities instead of solving existing ones.

“Another is trusting automation too early without the right governance, controls, and human review around important decisions.”

Saudi Arabia’s regulatory environment is also accelerating adoption of AI-driven cybersecurity systems.

“Saudi Arabia is moving at remarkable speed on digital transformation while raising the bar on cybersecurity, resilience, and regulatory maturity under Vision 2030,” Labani said.

The shift is creating stronger demand for solutions tailored to regulated markets.

“That creates strong demand for Saudi-built platforms that understand local regulations and culture and are designed for regulated sectors from day one.”

As regulations evolve, organizations are increasingly prioritizing systems capable of adapting in real time rather than relying on static compliance frameworks.

The rise of AI is also changing how decisions are made within cybersecurity and compliance teams.

“Human decision-making will become more important, not less, as AI takes over more routine execution and information gathering,” Labani said.

Instead of focusing on data collection, professionals are shifting toward interpretation and strategic judgment.

“People will spend less time collecting inputs and more time making judgment calls about priorities, risk, and the actions that best protect the organization.”

The transition reflects a broader change in cybersecurity, where AI supports decision-making rather than replacing it.

Cybersecurity is no longer only about preventing attacks. Increasingly, it is about responding to threats quickly and effectively.

AI is helping drive that shift by reducing response times, improving visibility, and embedding risk management into everyday operations.

As digital infrastructure expands, the ability to manage cyber risk in real time is becoming a baseline requirement — and the organizations that adapt fastest are likely to define the next phase of the sector.

https://www.arabnews.com/node/2645201/business-economy?shem=rimspwouoe,