How secure are GCC banks compared to their global counterparts?

Source: a) Purple Sec. DOS/DDoS – Denial of Service/Distributed Denial of Service. b) IBM. The cost incurred per breach in a sector; IBM’s survey includes 604 participants from 17 industries spread across 16 countries and geographic regions.

Global banks on a frequent basis encounter a plethora of cyber-attacks which has led to an increase in cybersecurity investment with future projections indicating an exponential increase in spending.

Notable Cyber Incidents in Global banks

Source: Various

Meanwhile, banks in the GCC region which have grown significantly over the past two decades with combined assets worth over USD 2.5 trillion dollars, have also been kept on their toes when it comes to maintaining cyber resilience. Banks in the region face frequent cyber-attacks, with Kuwait, Saudi Arabia, and the UAE being the most affected countries {2}. The cost of breach in the MENA region is the 2^nd highest in the world at USD 8.8 million ranking behind the USA.

Source: IBM. The cost incurred per breach in a country/region; Benelux – Belgium, Netherlands, Luxembourg

Notable Cyber Incidents In GCC

Source: S&P Global

Thus, following the lead of global banks, GCC banks are also estimated to increase their spending on cybersecurity in the coming years. The emphasis placed on cyber resilience is bound to increase exponentially but, it comes at a time when industries across the globe are witnessing a paradigm shift in operations with the integration of artificial intelligence (AI).

Even as the pace and scale of cyber-attacks rises, organizations are contending with an issue of shortfall of skilled cyber professionals along with time constraints. However, advancement in security AI and automation technology has helped level the playing field to an extent. Security AI can help organizations to detect and tackle cyber incidents with greater speed and effectiveness. Organizations with fully deployed security AI and automation have experienced few key advantages including:

• USD 3.1 million average reduction in data breach costs for organizations with fully deployed security AI and automation.
• The average time taken to detect, respond and recover from breach reduced from 230 calendar days to 99 days by adopting security AI.

However, just like any other new age technology, AI also has certain drawbacks and vulnerabilities because of the complex implementation required and dependency on data quality which could result in false positives, data manipulation, and more.

Thus, security AI in its current state requires organizations to perform a sensitive balancing act which ensures that they stay ahead of the curve in AI adoption while ensuring minimum short-term exposure.

This also begs the question, as to how GCC banks in fair compare to their global counterparts in cybersecurity. Banks in the region have reported only a handful of minor cyber incidents over the past decade. GCC banks successfully moved their activities to online platforms during the pandemic with minimal disruption, because of years of investment on necessary infrastructure coupled with strong profitability, capitalization, and liquidity profiles.

However, the level of exposure faced by GCC banks is bound to increase moving ahead with the projected losses resulting in a decline of 7.5% in net income under a high – severity cyber incident. In addition, the banking sector is combating a shortage of professionals to fill high-paying cybersecurity jobs, with the compensation for the same positions being higher in tech than in finance. With cybersecurity job openings set to grow at one of the fastest paces across the economy over the next 10 years, and tech firms having a firm leg up on hiring initiatives, the years-old talent gap could prove to be a liability for banks also facing a rise in cybercrime.

Source: S&P Global Ratings, Guidewire

Cyber risks may range from a temporary interruption of services to the complete shutdown of IT systems due to data destruction and data theft linked to cyber ransoms. The growth of ransomware linked to data theft, along with the significant amount of sensitive information handled by banks, suggests that this is a major risk for the GCC's lenders. The risk of cyber-attacks appears even higher for banks with greater geographic diversification and extensive retail operations.

The cyber risk profile for GCC banks is at par or slightly better than in comparison to developed and emerging banks currently. However, with the growing geopolitical and economic importance of the region, it remains to be seen whether the banks can cultivate a robust and secure cyber ecosystem to facilitate growth.

[1] European Union Agency for Cybersecurity (ENISA), PT Security, Purple sec

[2] SOC Radar