The National Information Assurance (NIA) Policy Program in Qatar aims to establish an information security policy framework to address growing cybersecurity risks. It identifies emerging risks like changing political situations, sophisticated attack vectors, and evolving legislation. Real cyber incidents from 2012-2014 targeting Qatar's oil/gas and financial sectors are described. The NIA Policy provides governance structures and technical controls across many areas. It has been adopted by leading organizations and aligns with national strategies. Through training and standards compliance, the program has raised security maturity, enabled the security market, and created jobs while spurring innovation.