Only 50% of professionals in the Middle East, Turkey and Africa receive cybersecurity training, according to new survey data announced at Black Hat MEA 2025 in Riyadh this week. The findings highlight a critical knowledge gap as human error continues to drive the majority of cybersecurity breaches across the region.
The Kaspersky survey, titled “Cybersecurity in the workplace: Employee knowledge and behavior,” polled 2,800 employees and business owners across seven countries, including Saudi Arabia and the UAE. The results underscore an urgent need for structured training programs that reach employees at every organizational level.
Key Takeaways
- 50% of META region professionals receive cybersecurity training
- 45.5% encountered workplace scams in the past year
- 16% suffered consequences from deceptive communications
- 62% identified training as the most effective awareness tool
- 14% admitted making mistakes due to knowledge gaps
Social Engineering Attacks Target Human Psychology
Nearly half of surveyed professionals (45.5%) encountered scams disguised as messages from their organization, colleagues or suppliers within the past year. Additionally, 16% experienced negative consequences after falling victim to such deceptive communications.
Modern cyberattacks deliberately bypass digital defenses by exploiting human psychology through “social engineering” schemes. These attacks manipulate trust and urgency to trick employees into sharing sensitive information or initiating fraudulent transactions.
Other human-related security issues include compromised passwords, sensitive data leakage, unpatched IT systems and applications, and unlocked or unencrypted devices.
Training Emerges as Top Solution
The knowledge gap has direct consequences, with 14% of respondents acknowledging they made IT-related mistakes due to insufficient cybersecurity awareness. However, the survey reveals strong employee receptiveness to education.
Training ranked as the most effective means of raising cybersecurity awareness among non-IT employees, with 62% selecting it over other options. By comparison, only 44% chose references to legal responsibility and 23% preferred threat stories.
Employees Seek Comprehensive Education
When asked about specific training topics, respondents showed broad interest across multiple areas. Protecting confidential work data topped the list at 43.5%, followed by account and password security (38%) and website safety (36.5%).
Other priorities included social network and messenger security (32%), mobile device protection (31.5%), email safety (29%), remote work security (24%), and AI-based services like chatbots (16.5%). Notably, 25% expressed interest in undergoing all available training modules.
“Cybersecurity cannot be siloed within the IT department. From the C-suite to the intern, a shared understanding of digital risks is essential,” said Mohamad Hashem, General Manager for Saudi Arabia and Bahrain at Kaspersky. “Building a resilient organization requires empowering every employee with the knowledge to spot a scam, avoid costly mistakes, and become a true guardian of company data.”
Building Security-First Culture
For training to become integrated into daily routines, programs must be well-structured and tailored to individual roles and existing IT skills. The survey findings suggest that gamified, practical training enhances engagement and knowledge retention.
Organizations can strengthen defenses by implementing robust monitoring and cybersecurity solutions, introducing structured employee education platforms, and establishing clear security policies covering passwords, software installation and network segmentation.
Furthermore, fostering a security culture that encourages reporting suspicious activity and rewards proactive behaviors can transform employees from potential vulnerabilities into vigilant defenders of organizational data.