Zoho Global Study Reveals Strong Cybersecurity Momentum in Saudi Amid Evolving Identity Security Gaps

Manal Saleh

May 13, 2026- Riyadh, KSA: Zoho Corp., a leading global technology company, released the State of Workplace Password Security 2026 global report today revealing a strong cybersecurity momentum in Saudi Arabia, with 86% of organisations prioritising cybersecurity and 88% already implementing Zero Trust strategies. The findings reflect a clear shift towards more mature security frameworks, signalling strong readiness and alignment with global best practices.

As the nation continues to edge closer to Vision 2030, majority of Saudi organisations (84%) have reported plans to increase cybersecurity budgets over the next five years, and 78% believe they have adequate identity protection tools in place today. On the other hand, cyberattacks remain a threat to businesses in the Kingdom, with 34% of organisations reporting a cyberattack in the past year.

“The Kingdom is entering a new phase of cybersecurity maturity as it continues to move ahead with Vision 2030. Organisations have made significant progress in establishing core protections, but the focus must now shift to intelligent, unified security with a strong focus on identity security,” said Hyther Nizam, CEO, Zoho Middle East and Africa (MEA).

As per the study, 82% of respondents emphasised the importance of integrating security solutions with everyday enterprise tools, underscoring the need for seamless, unified security ecosystems. The report shows a solid foundation of security controls amongst Saudi organisations, led by high adoption of secure browsers (70%), email security (60%), and device management (54%).

However, the findings highlight a gap between strategy and depth of execution. Only 62% of organisations have achieved full identity visibility and control. The adoption of more advanced identity security measures remains relatively low, including Identity and Access Management (38%), Multi-Factor Authentication (28%), Single Sign-On (28%), and passkeys (24%)—leaving potential vulnerabilities in critical access layers. Among the top perceived threats are business-critical identities including malicious insiders (22%), former employees (20%), and social engineering and phishing attacks (16% each).

“As identity becomes the new perimeter, simplifying security stacks and strengthening identity controls will be critical to staying ahead of evolving threats. Organisation are doubling down their investment on detection and response capabilities, yet identity security—governing who has access to what, and under what conditions—remains a critical gap. This is essential because it creates entry points for attackers due to compromised credentials or excessive privileges,” Nizam added.

This uneven adoption underscores ongoing challenges in strengthening identity security. Additionally, vendor fragmentation remains prevalent, with half of the organisations relying on four to six vendors, potentially increasing complexity and operational risk. Together, these trends point to a maturing, but still fragmented cybersecurity landscape, where strategic intent is high but consistent implementation is still evolving.

The study also highlights growing complexity in identity environments. Nearly half of organisations cite exponential growth in identities (49%) as the biggest barrier to achieving zero standing privileges, alongside gaps in processes and tools (38%). On the technology front, Saudi organisations are increasingly turning to artificial intelligence to strengthen security: 64% are extremely likely to adopt AI-driven tools, with demand focused on real-time threat detection (78%), user behaviour analytics (53%), and risk-based access control (51%).

The report also revealed key challenges including cost of security solutions (32%), rapidly evolving threats (26%), and a lack of specialised expertise (20%).

Access and identity control can be managed via password management tools like Zoho Vault and IAM tools like Zoho Directory.  Zoho Vault is Zoho’s workforce password management solution that helps organisations securely store, manage, and share sensitive credentials from a centralised vault. It enables businesses to enforce strong access controls, monitor usage, and maintain password hygiene through role-based access, workflows, and audit reports. With seamless integrations, AES-256 encryption, multi-factor authentication, and a zero-knowledge architecture, Zoho Vault ensures secure and efficient credential management for modern businesses.

As a FIDO Alliance member, Zoho offers an integrated credential security stack spanning Zoho Vault (enterprise password and passkey management with SSO), Ulaa (a privacy-first enterprise browser with built-in DLP and AI-powered phishing protection), Zoho Directory (workforce IAM with SSO, conditional access, and automated provisioning), and Zoho OneAuth (passwordless MFA with passkey, biometric, and TOTP support).

The full report is available on : https://www.zoho.com/vault/state-of-workforce-password-security-report.html

-ENDS-

About Zoho

With 55+ apps in nearly every major business category, including sales, marketing, customer support, accounting and back-office operations, and an array of productivity and collaboration tools, Zoho Corporation is one of the world's most prolific technology companies. With 100 million users around the world, across hundreds of thousands of companies, rely on Zoho every day to run their businesses. Zoho respects user privacy and does not have an ad-revenue model in any part of its business, including its free products. The company is privately held and is headquartered in Chennai, India. Additional offices are in the United States, India, Japan, China, Canada, Singapore, Mexico, Australia, the Netherlands, Brazil, Saudi Arabia, Qatar and the United Arab Emirates. For more information, please visit www.zoho.com/ .