Khaberni - The Saudi National Cybersecurity Authority has established incentive rewards for those who report violations in the sector, with values reaching around 50,000 riyals, or equivalent to 1% of the collected penalty value.
The authority revealed the formation of a committee by the governor's decision, consisting of 3 members from its staff to study the reports referred to it, determine the eligibility of the reporters for rewards, and also determine the amounts of these rewards, according to the rules.
The violations that merit a reward include conducting cybersecurity operations without a license or violating its terms, non-compliance with policies and governance mechanisms, frameworks, standards, control measures, and cybersecurity guidelines.
In addition to refusing to provide the Saudi National Cybersecurity Authority with the requested information needed to perform its responsibilities and tasks, or misleading it, as well as possessing, selling, importing, or exporting any cybersecurity-related device or service that does not comply with standards and conditions, or without obtaining the necessary license or approval. Similarly, the case includes obstructing inspectors from performing their duties or preventing them.
In the same context, the authority stipulated in a new project for regulating the reporting of violations, published through the Istitala platform, that the reward would be granted after the violation reported is proven, by either a judicial ruling or by the lapse of the statutory period for appealing it, and that the report played a role in proving the violation.
Furthermore, the conditions for obtaining the reward specify that the reporter must not be an employee of the authority, not be a spouse or in-law of any of the authority’s staff, and that the violation has not been previously reported or rewarded by the authority. The conditions also include that reporting the violation should not be part of the reporter’s job duties if they are a public employee or similar, along with a commitment not to disclose any information related to the report to others.
