With the development of the Saudi financial system after the launch of the Kingdom’s Vision 2030, great emphasis has been placed on strengthening the principles of transparency and safety that achieve stability and ensure the continuity of market operations. Cyber security is considered one of the most important foundations of the market in serving investors at home. For this reason, a guide has been issued by the Capital Market Authority that deals with achieving cybersecurity for financial market institutions and avoiding risks related to the market. The guide tackles the most important issues concerning cybersecurity applications in financial market institutions under the supervision of the CMA. It is based on best international and local practices and standards. Several recommendations have been proposed in the guide, among which is the establishment of a cybersecurity specialized department at licensed financial institutions, provided that all forms of support, such as an adequate budget, are provided. Another recommendation is that it be headed by people in this country who excel in the field of cybersecurity and obtain adequate support and qualifications to contribute to the protection of market assets and safety. The guide also suggests the establishment of a cybersecurity committee that reports directly to the CEO of a company, provided that the task list of the committee and department is updated periodically to ensure that it is in line with the latest developments in the sector. Part of the guidelines deal with data protection, a topic that has occupied the Kingdom during the past week with the adoption of the new personal data protection law. It focuses on identifying data owners, data managers, business and operating procedures, systems applications, practices, standards, and more. Perhaps the most prominent change that can be directly linked to data protection is to define an appropriate mechanism to assess the level and sensitivity of protection and update the levels of protection in proportion to updates, variables, and even threats. We see many efforts made by the CMA about educating investors and financial institutions, but in my opinion they lack sufficient promotion to facilitate their access to everyone. Also, the language needs to be such that is quickly understood by everyone, as the existing guidelines are rich in information, and there are creative ideas as well that will contribute to improving the investor and institutional experience. • Dimah Talal Alsharif is a Saudi lawyer and legal consultant. Twitter: @dimah_alsharif