Attempting to commit a cybercrime is still a criminal offence in Saudi Arabia, even if the attempt was unsuccessful. Article 10 of the Anti-Cyber Crime Law states that anyone who attempts to commit a cybercrime can be sentenced to up to half the maximum punishment applicable to the completed crime. So, for example, if the completed offence carries a maximum of four years imprisonment, an attempt could still result in up to two years behind bars.
However, the law does provide a narrow but important escape route. Under Article 11, a court may exempt an offender from punishment entirely if they voluntarily report the crime to the competent authority before it is discovered and before any damage is caused. If you self-report after the crime is discovered but before a full investigation is complete, the court has discretion to reduce — though not necessarily eliminate — your sentence. This provision is designed to encourage people to come forward, particularly in cases involving system vulnerabilities or planned attacks.
If you find yourself in a situation where you have attempted something that may constitute a cybercrime — for example, you tried to access a system you were not authorized to use — it is strongly advisable to consult a Saudi-licensed lawyer immediately. Acting quickly and transparently may be the difference between a reduced sentence and a full prosecution. The Bureau of Investigation and Public Prosecution handles all cybercrime cases under Article 15, so any self-reporting would be directed there.
This is general legal information, not legal advice. For advice on your specific situation, consult a lawyer licensed in Saudi Arabia.