07 October 2024
The modern banking industry is based on an amalgamation of traditional banking services and digital infrastructure. The advent of digital banking has transformed the banking industry by improving customer experience, increasing operational efficiency, and reducing costs. This rapid development has also led to the rise of a few key challenges such as cybersecurity and data protection.
The financial sector accounts for 9% of cyber-attacks globally with over 10 terabytes of data stolen monthly [1] , with global banks being the primary targets. Statistics indicate that cybercrime has increased by 600% since the COVID-19 pandemic and ~90% of all financial institutions have experienced a ransomware attack over the past year. Also, a malware attack can cost a company ~USD 6.1 million (including the time needed to resolve the attack). This has led to the sector resulting in the second highest losses per breach after the healthcare sector.
Source: a) Purple Sec. DOS/DDoS – Denial of Service/Distributed Denial of Service. b) IBM. The cost incurred per breach in a sector; IBM’s survey includes 604 participants from 17 industries spread across 16 countries and geographic regions.
Global banks on a frequent basis encounter a plethora of cyber-attacks which has led to an increase in cybersecurity investment with future projections indicating an exponential increase in spending.
Notable Cyber Incidents in Global banks
Source: Various
Meanwhile, banks in the GCC region which have grown significantly over the past two decades with combined assets worth over USD 2.5 trillion dollars, have also been kept on their toes when it comes to maintaining cyber resilience. Banks in the region face frequent cyber-attacks, with Kuwait, Saudi Arabia, and the UAE being the most affected countries {2}. The cost of breach in the MENA region is the 2nd highest in the world at USD 8.8 million ranking behind the USA.
Source: IBM. The cost incurred per breach in a country/region; Benelux – Belgium, Netherlands, Luxembourg
Notable Cyber Incidents In GCC
Source: S&P Global
Thus, following the lead of global banks, GCC banks are also estimated to increase their spending on cybersecurity in the coming years. The emphasis placed on cyber resilience is bound to increase exponentially but, it comes at a time when industries across the globe are witnessing a paradigm shift in operations with the integration of artificial intelligence (AI).
Even as the pace and scale of cyber-attacks rises, organizations are contending with an issue of shortfall of skilled cyber professionals along with time constraints. However, advancement in security AI and automation technology has helped level the playing field to an extent. Security AI can help organizations to detect and tackle cyber incidents with greater speed and effectiveness. Organizations with fully deployed security AI and automation have experienced few key advantages including:
However, just like any other new age technology, AI also has certain drawbacks and vulnerabilities because of the complex implementation required and dependency on data quality which could result in false positives, data manipulation, and more.
Thus, security AI in its current state requires organizations to perform a sensitive balancing act which ensures that they stay ahead of the curve in AI adoption while ensuring minimum short-term exposure.
This also begs the question, as to how GCC banks in fair compare to their global counterparts in cybersecurity. Banks in the region have reported only a handful of minor cyber incidents over the past decade. GCC banks successfully moved their activities to online platforms during the pandemic with minimal disruption, because of years of investment on necessary infrastructure coupled with strong profitability, capitalization, and liquidity profiles.
However, the level of exposure faced by GCC banks is bound to increase moving ahead with the projected losses resulting in a decline of 7.5% in net income under a high – severity cyber incident. In addition, the banking sector is combating a shortage of professionals to fill high-paying cybersecurity jobs, with the compensation for the same positions being higher in tech than in finance. With cybersecurity job openings set to grow at one of the fastest paces across the economy over the next 10 years, and tech firms having a firm leg up on hiring initiatives, the years-old talent gap could prove to be a liability for banks also facing a rise in cybercrime.
Source: S&P Global Ratings, Guidewire
Cyber risks may range from a temporary interruption of services to the complete shutdown of IT systems due to data destruction and data theft linked to cyber ransoms. The growth of ransomware linked to data theft, along with the significant amount of sensitive information handled by banks, suggests that this is a major risk for the GCC's lenders. The risk of cyber-attacks appears even higher for banks with greater geographic diversification and extensive retail operations.
The cyber risk profile for GCC banks is at par or slightly better than in comparison to developed and emerging banks currently. However, with the growing geopolitical and economic importance of the region, it remains to be seen whether the banks can cultivate a robust and secure cyber ecosystem to facilitate growth.
[1] European Union Agency for Cybersecurity (ENISA), PT Security, Purple sec
[2] SOC Radar
Never miss a patch or an update with Marmore's Newsletter. Subscribe now!
The convergence of technology and finance is reshaping the GCC Financial Ecosystem. The blog explores key players, regulatory framework and market dynamics of Fintech in the GCC region.
Read MoreThe blog examines the impact of cyber attacks on financial institutions and the resiliency of GCC banks compared to their global counterparts
Read MoreThe blog discusses how net interest margin of Kuwaits banks has moved across interest rate cycles, in light of awaited policy rate cuts.
Read MoreNo Tags!