Saudi Edition 
MENA+ Edition 
Egypt Edition 
UAE Edition 
MENA <> India Corridors 
Logistics (MENA) 
Climate (MENA) 
Share
Read Full Issue 
Saudi organizations are seeing early returns from AI-driven cybersecurity, and it’s showing in rising budgets, according to Exabeam’s latest report (pdf). Though security leaders still face a gap in translating these gains to boardroom-level confidence, strong alignment between cybersecurity spending and emerging threats is helping reinforce internal confidence in their strategies, Exabeam’s SVP and General Manager Mazen Dohaji tells EnterpriseAM.
Saudi firms double down on AI-led security
Leading the pack in AI security: Saudi Arabia was the most aggressive adopter of AI in cybersecurity among 12 surveyed nations, with 75% of Saudi organizations saying AI is already improving the speed and accuracy of their security operations, sitting well above the global average of 46%. Only 5% of organizations in the Kingdom are still assessing how to best apply AI, while 20% expect it to improve operations by next year.
Budgets are rising — with intent: Funding is ramping up ahead of 2026, with 31% of organizations expecting cybersecurity budgets to grow by more than 20%, and another 48% anticipating 10-20% increases. Meanwhile, spending is becoming more targeted. “Investments are more likely to be viewed as strategic business enablers and needed to achieve upcoming region-wide goals rather than just technical or compliance costs,” Dohaji said.
And Saudi security leaders are confident in their programs: An exceptional 75% of Saudi security leaders say they are “extremely confident” their investments are delivering business value, versus 44% globally. Dohaji links this to strong alignment, with 97% of organizations saying budgets match expected threats. Early operational gains from AI are also showing up faster than in other markets.
The measurement conundrum
To prove this value to their boards and leadership, 65% of Saudi firms use quantified return on investment models, while 60% rely on operational metrics, such as alert closure rates. Additionally, 58% use outcome metrics, which measure factors like the mean time it takes to detect or respond to a threat.
But cybersecurity’s value can get lost in translation: Despite strong internal confidence, Saudi security leaders still face hurdles when justifying their budgets. The top issue, cited by 23%, is an overemphasis on compliance over risk reduction. Another 20% point to a lack of reporting tools, while 20% say boards don’t fully understand cybersecurity’s link to business resilience, highlighting an industry that is transforming faster than it can measure its own value.
It's a budgeting paradox: Globally, AI is pulling budgets in different directions. It is the top driver of spending increases (44%), the hardest investment to justify (32%), and the first target for cuts (44%) if budgets tighten. Leaders face pressure to adopt AI without clear frameworks to quantify its value in business terms.
Where cuts would land: If budgets were reduced by 10% in 2026, the most vulnerable areas would be threat detection and response tools (46%) and AI and automation platforms (42%), indicating that while AI is heavily funded, it remains an early target for potential cuts. Around 22% also say AI and automation are the hardest investments to justify.
The issue isn’t a lack of data — it’s how that data is communicated: Dohaji claims the challenge lies in how AI’s value to cybersecurity is presented. Security metrics often focus too heavily on technical outputs rather than broader business outcomes like risk reduction, resilience, and efficiency. “Instead of presenting a collection of disconnected metrics, security leaders should build a simple executive story that addresses the risk faced, the investment made, and how that strengthened the organization,” he advises.
Looking ahead
Where AI will have the biggest impact: By end-2026, Saudi organizations expect AI to play the largest role in data enrichment and contextualization (38%), followed by reporting and compliance automation (37%), threat detection and alert triage (35%), workforce productivity and workflow automation (35%), and automated incident response (35%).
From protection to governance: Over the next three to five years, Dohaji expects AI to move beyond system protection toward governing both human and machine behavior across networks. To navigate a complex threat landscape, organizations will need to treat AI as a “governed capability that helps them stay resilient, accountable, and defensible.”
