KSA FinTechs bet on AI, but cyber threats are one step ahead, study shows

By Puja Sharma

Cisco has released the Kingdom of Saudi Arabia (KSA) findings from its 2025 Cybersecurity Readiness Index, revealing both encouraging progress and significant gaps in organisational preparedness amidst an increasingly complex and AI-driven threat landscape.

According to the study, 93% of organisations in Saudi Arabia are now leveraging AI to strengthen their cybersecurity strategies—a promising development. However, complexity in security architecture, underinvestment, and a shortage of skilled professionals continue to hinder progress.

With Saudi Arabia’s FinTech sector undergoing rapid digital transformation, these cybersecurity gaps pose serious concerns. As the Kingdom becomes a hotspot for financial innovation under Vision 2030, FinTech firms are particularly vulnerable given their reliance on real-time data, open APIs, and increasingly AI-enhanced platforms.

AI: A Double-Edged Sword for Cybersecurity

AI is both a boon and a risk. Cisco’s survey found that 91% of KSA organisations experienced AI-related security incidents in the past year, yet only 61% of respondents believe their employees understand these threats adequately. Moreover, only half (51%) are confident in their teams’ understanding of how threat actors weaponise AI. This awareness gap is particularly risky for FinTechs, which manage sensitive customer data and high-value transactions.

Additionally, shadow AI and GenAI usage remain under the radar: 39% of organisations are not confident in their ability to detect unregulated AI use. Half of all IT teams are unaware of how employees interact with public GenAI tools—an oversight that can lead to unintentional data leakage and compliance breaches, particularly concerning for FinTech companies operating under stringent data protection mandates.

Key Challenges Identified in the Saudi Market

Cisco’s index assessed organisations across five cybersecurity pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification—covering 31 critical capabilities. Based on these metrics, only 25% of Saudi organisations reached the ‘Progressive’ or ‘Mature’ levels of cybersecurity readiness, although this does mark an improvement from last year.

Implications for FinTech in Saudi Arabia

As the FinTech ecosystem expands across digital payments, embedded finance, open banking, and RegTech, the cybersecurity stakes are rising. Cybercriminals are increasingly targeting financial institutions due to the high-value data and transactions involved. For FinTechs, where agility and innovation often take precedence, robust, AI-augmented security strategies are no longer optional—they’re essential.

Salman Abdulghani Faqeeh, Managing Director, Cisco Saudi Arabia, remarked, “The cybersecurity threat landscape has never been more dynamic and complex. As the Kingdom accelerates its digital agenda, particularly in sectors like FinTech, the need for proactive, AI-powered, and simplified cybersecurity solutions becomes paramount. Cisco remains committed to supporting Saudi Arabia’s digital resilience and readiness.”

Key findings:

• Generative AI (GenAI) Oversight: 28% of employees have unrestricted access to public GenAI tools, often without oversight from IT or risk teams.
• Unmanaged Devices and Hybrid Work: 89% of organisations report increased threats due to employees using unmanaged devices—highlighting a growing risk for remote-first FinTech startups and digital-first banks.
• Budget Prioritisation Gaps: While 98% plan to upgrade IT infrastructure, just 8% allocate more than 20% of their IT budgets to cybersecurity—an underinvestment that could leave FinTech ecosystems exposed to highly sophisticated attacks.
• Overly Complex Security Infrastructures: 84% of organisations use over 10 point security solutions, complicating their ability to respond quickly and effectively to threats.
• Talent Shortages: A staggering 93% cite a lack of skilled cybersecurity professionals, with over half (57%) reporting more than 10 open roles—suggesting the need for upskilling and cybersecurity education across the sector.

Moving Forward

To build long-term resilience, Cisco recommends that Saudi organisations—especially in high-risk sectors like FinTech—take the following actions:

• Integrate AI-driven cybersecurity solutions for threat detection, response, and recovery.
• Simplify complex security infrastructures to reduce response times.
• Educate and train employees on evolving AI-related threats.
• Monitor shadow AI and manage GenAI usage through governance frameworks.
• Invest in talent development to address the cybersecurity skills shortage.

With 72% of KSA respondents expecting cyber incidents to disrupt their business in the next 12 to 24 months, the call to action is clear. For FinTech innovators driving the next wave of financial services, embedding cybersecurity into their core operating models will be critical not just for compliance—but for survival in a hyperconnected, AI-enabled digital economy.