المملكة: Urgent: Rewards of 50 thousand riyals and complete confidentiality… new rules for cyber reporting

SubtractedThe National Cybersecurity Authority Draft new regulatory rules aimed at motivating individuals to report cybersecurity violations, offering financial rewards of up to 50 thousand riyals. The project, which was presented on the “Reconnaissance” platform, aims to…"to enhance the protection of national cyberspace and support efforts aimed at protecting digital systems and sensitive infrastructure in the Kingdom.

According to the proposed rules, the Authority will receive reports via its website or any other means it determines later, using approved forms that allow the informants to enter their data and details of the violation, with the possibility of attaching supporting evidence. The rules also provide an option for whistleblowers to specify their desire to receive the reward, and in return, reports can be submitted anonymously, but this option waives the right of the whistleblower to claim the reward.

The Authority confirmed that all reports will be recorded in a confidential register to ensure follow-up, and a careful verification process will be conducted to verify the accuracy of the information before taking any action. The Authority has the right to contact the whistleblower to request additional information if necessary.

And to be eligible for the reward, which is granted according to the Authority’s discretion with a maximum of 50 thousand Saudi riyals or the equivalent of 1% of the value of the fine collected. "Whichever is less"The rules stipulate that the informant must be a natural person.

Employees of The Authorityand their relatives up to the fourth degree, or that reporting is part of the whistleblower’s job duties if he is a public employee. It is also required that the violation be not discovered in advance and that the whistleblower not disclose the details of his report, and that the decision regarding it becomes final.

The rules clarify that a specialized committee will be formed by decision of the Authority’s Governor, which includes at least three members with regulatory, financial or accounting experience, to study the reports and determine the extent of reward entitlement and its value.

The committee will base its assessment on several criteria, the most important of which is the accuracy of the information provided and its role in proving the violation, the seriousness of the violation and its impact on cybersecurity, in addition to the extent of the risks to which the whistleblower may be exposed, the extent of the damage that was avoided, and the extent of his cooperation with the authority.

The National Cybersecurity Authority stressed its full commitment to the confidentiality of all information provided, stressing that it will take all measures to protect the identity of the whistleblower, and has the right not to disclose the results of the investigations in order to preserve confidentiality. Work.

The rules also stipulate the authority’s obligation to provide support and legal support to the whistleblowers in the event that they are exposed to any harm as a result of their report, while the rules give the authority the authority to take legal measures against those who submit malicious reports and refer them to the competent authorities.

​​​​