As cyber threats continue to evolve in complexity and scale, organizations in Saudi Arabia are facing increasing challenges in safeguarding their digital assets while maintaining compliance with stringent local regulations. Recognizing these growing concerns, Proofpoint, a global leader in cybersecurity and compliance solutions, is making significant investments in the Kingdom to provide advanced, locally compliant security solutions.

In this interview, Sumit Dhawan, CEO of Proofpoint, discusses the company's strategic expansion in Saudi Arabia, the most pressing cybersecurity risks for 2025, and how organizations can strengthen their defenses against modern threats. He also highlights the importance of a unified, human-centric approach to security and Proofpoint’s commitment to supporting businesses in navigating the evolving cybersecurity landscape.

Q: What motivated Proofpoint to expand its presence in the Kingdom, and how will these investments support local businesses in strengthening their cybersecurity?

A: Absolutely. Two key themes emerged from my discussions with customers and government officials when I last visited Saudi Arabia. First, local enterprises have a strong demand for cloud-based security solutions, yet they face strict data sovereignty requirements preventing data from being stored outside KSA. Second, regulators were implementing increasingly stringent policies to ensure sensitive information remained within national borders.

Recognizing these needs, we made a strategic decision to invest directly in Saudi Arabia, bringing advanced cybersecurity solutions tailored to the region. This is a market experiencing a surge in cyber threats, where we already serve some of the largest organizations—including key players in utilities, banking, and oil and gas. However, the challenge has always been balancing security innovation with compliance.

To address this, we recognized we needed to take immediate action to ensure our cloud solutions were available to enterprises in the Kindgom. Proofpoint proactively launched local data center operations to offer the best of both worlds: full data sovereignty alongside industry-leading cloud-based threat protection. This investment directly responds to the needs of businesses in the Kingdom, ensuring they have access to world-class cybersecurity while adhering to local regulations.

Q: Based on Proofpoint research and threat intelligence, what are the most prominent cybersecurity risks Saudi businesses should prepare for in 2025?

A: The external threat landscape is becoming more dynamic and sophisticated, with three major trends reshaping how organizations in Saudi Arabia need to approach cybersecurity. First, attacks have evolved beyond the traditional divide between high-volume, low-sophistication threats and highly targeted, advanced threats. Previously, cybercriminals relied on mass phishing campaigns with low success rates or intricate, targeted attacks that required substantial effort. Over the past year, these lines have blurred—sophisticated attacks are now being launched at scale, powered by automation and AI-driven social engineering. This shift has increased the risk for businesses, as attackers can now deploy highly deceptive, human-targeted threats across multiple industries simultaneously.

Second, the rise of multi-channel attacks is making cybersecurity more complex. The way people work has changed—businesses rely on multiple collaboration tools like Microsoft Teams, Slack, and WhatsApp alongside email. Cybercriminals exploit this by first bombarding users with phishing emails, then following up with attacks through these platforms. Employees overwhelmed with emails often let their guard down when a request appears through another channel, making them more susceptible to deception. Proofpoint’s latest research highlights that 84% of CISOs in Saudi Arabia identify human error as their biggest cybersecurity vulnerability—a significant rise from 48% in 2023. This underscores the growing need for a security strategy that extends beyond email and secures all digital touchpoints where employees communicate and collaborate.

Third, cyber threats are becoming more evasive and adaptive. Many attacks today look harmless upon delivery but become malicious when interacted with—whether it’s a seemingly safe attachment that changes upon opening or a URL that redirects to a phishing site only after the user clicks. Traditional perimeter defences are no longer enough. Organizations need click-time protection that assesses and blocks threats at the moment of engagement. At Proofpoint, we provide AI-powered, human-centric security solutions designed to protect against these evolving threats, ensuring businesses in KSA remain resilient as cyber risks grow more sophisticated. As Saudi Arabia advances its digital economy under Vision 2030, a proactive and adaptive cybersecurity approach will be essential in safeguarding critical infrastructure and business operations.

Q: How does Proofpoint support Saudi organizations in complying with local and international cybersecurity regulations?

A: Cybersecurity regulations, whether in Saudi Arabia or globally, primarily focus on two key areas: protecting sensitive information and ensuring that data is shared securely within defined legal boundaries. In KSA, strict regulations govern how citizen and personal data can be stored, processed, and shared, requiring businesses to adopt robust security measures that ensure compliance.

Proofpoint plays a critical role in this by enabling organizations to detect, classify, and protect sensitive information across all communication channels. Rather than relying on multiple, fragmented compliance solutions for endpoints, Microsoft 365, or Salesforce, businesses need a unified approach. With Proofpoint, compliance policies are enforced consistently, no matter how or where employees share information. This ensures scalability, eliminates security gaps, and provides a seamless framework for meeting both local and international regulatory requirements.

As data-sharing methods continue to evolve, businesses need more than just policy-based compliance—they need adaptive security that keeps pace with modern threats and regulatory changes. Proofpoint’s solutions empower organizations in Saudi Arabia to navigate these complexities with confidence, safeguarding both business-critical and personal data while maintaining compliance with evolving cybersecurity mandates.

Q: What are the biggest challenges organizations face in achieving cybersecurity compliance, and how can they overcome them?

A: One of the biggest challenges in cybersecurity today is the fragmented nature of security solutions, which stems from the rapid expansion of the digital ecosystem. When cloud computing first emerged, the attack surface expanded significantly, prompting a surge in security startups—each focused on solving a specific pain point. However, this led to a patchwork of disconnected solutions, making it difficult for organizations to implement a unified, scalable security strategy.

Now, the industry is shifting toward an architectural approach to cybersecurity. Three major security frameworks have emerged: Secure Access Service Edge (SASE) for network security, Extended Detection and Response (XDR) for endpoint and workload protection, and human-centric security for safeguarding the workspace—where Proofpoint specializes. The biggest shift organizations need to make is recognizing that cybersecurity isn’t just about infrastructure; it’s about protecting people.

At Proofpoint, we address this human-centric challenge by providing a comprehensive workspace security platform that defends against threats, monitors user behaviour, prevents data loss, and strengthens security posture. Instead of relying on multiple, siloed solutions, businesses need a unified approach that integrates seamlessly with SASE and XDR, forming a complete security architecture. Organizations can move beyond reactive compliance and establish a proactive, future-proof cybersecurity framework by adopting this strategy.

Q: What key takeaways do you want attendees to leave with after this event?

A: First and foremost, Proofpoint is deeply committed to the Saudi market. We are making significant investments in the region, and our customer base here continues to grow rapidly. As Saudi Arabia accelerates its digital transformation under Vision 2030, the demand for more sophisticated cybersecurity solutions is increasing. We recognize this need and are dedicated to providing cutting-edge protection that aligns with the country’s evolving security landscape.

Secondly, organizations must adopt a strategic, architectural approach to cybersecurity. The days of relying on either a one-size-fits-all solution or a fragmented mix of point products are over. Businesses need an integrated security framework where human-centric security works in tandem with XDR and SASE to provide comprehensive protection. Proofpoint is a trusted partner in this space, helping organizations secure their biggest asset: their people.

Finally, we acknowledge that cybersecurity is a constantly evolving challenge. No solution is ever perfect, and we are committed to continuous improvement. As we expand our presence in the region, we are here to listen, learn, and adapt—ensuring that our solutions remain at the forefront of innovation while addressing the unique security needs of Saudi businesses.