GCC banks are minimizing cyber risks by investing heavily in digital security, S&P says

According to S&P Global Ratings, GCC banks are effectively managing their cyber risk exposure by investing in digital security.

Strong profitability, capitalization and liquidity provide a financial buffer to lenders in the region against possible cyber incidents, the rating agency said in a report.

Gulf banks have managed to move their business online during the Covid-19 pandemic with minimal disruption, thanks to “years of investment in infrastructure and systems”.

They reported only a “handful of minor cyberattacks” over the past decade, according to the report.

The pandemic has accelerated the digitalization of the global banking sector – a trend that was already underway in the Gulf – at an unprecedented pace. More and more consumers started transacting online at the height of the pandemic-induced restrictions on movement.

Amid accelerated digital transformation and online shopping, cyber risk has become one of the top threats to financial institutions’ operations and credit profiles, S&P said.

“GCC banks have laid the foundation for their multi-year success by investing in infrastructure and systems, including hardware and software, to minimize their exposure to cyber risk…while benefiting from executives favorable regulatory and cyber risk requirements,” the rating agency said.

“There has been no major disruption to bank operations in GCC countries…GCC banks’ exposure to cyber risk is manageable, assuming they continue to invest in cybersecurity and proactively manage risk, taking into account the evolving nature of threats.”

Cyberattacks have risen sharply in recent months, with a World Economic Forum report calling 2021 “an unprecedented year for cybercrime in terms of volume and severity.”

Globally, cybercriminal activities are expected to inflict damage worth around $6 trillion in 2021, according to a study by research firm Cybersecurity Ventures.

The costs of cybercrime are expected to rise nearly 15% per year worldwide over the next three years to reach $10.5 billion per year by 2025, from $3 billion in 2015, the company said. Californian.

Over the years, GCC banks have adopted strong regulatory frameworks focused on improving cybersecurity.

For example, the UAE Central Bank established a Networking and Cybersecurity Operations Center last year to protect the local financial system from cyberattacks.

The Saudi Central Bank’s Cybersecurity Framework, released in 2017, set out requirements for governance, risk management, compliance, operations, technology, and the use of third-party cybersecurity services by regulated entities. This year, these rules were supplemented by a Cyber ​​Threat Intelligence Principles document, which addressed the production and dissemination of intelligence to identify and minimize cyber threats.

The Central Bank of Qatar also issued a circular in 2018 outlining the regulatory requirements that banks must meet to effectively manage cyber risk.

Cyber ​​risks range from a temporary interruption of services to a complete shutdown of IT systems.

They can harm the credit profiles of banks by damaging their reputation, as well as causing monetary losses. In extreme cases, they could have negative liquidity implications through a sudden outflow of funds.

Data breaches are among the biggest risks, according to the S&P report, which is backed up by data from cybersecurity specialist Guidewire.

The data estimated that the top 19 GCC banks would experience an average 7.5% decline in net profit and a 0.6% decline in equity (based on end-2021 figures) in the event of a cyber incident. great gravity. The average operational risk capital requirement for banks was 3.6% of total capital.

“The data suggests that GCC banks appear to have sufficient operational risk capital to cover cyber risk losses,” S&P said.

The global costs of cybercrime are expected to rise nearly 15% per year to reach $10.5 trillion per year by 2025. Bloomberg

GCC banks have faced sporadic incidents of cyberattacks in the past.

Hackers claimed to have accessed the servers of a Gulf bank and leaked personal data of its customers, according to an S&P report. Documents were later published on whistleblower site Cryptome in April 2016. The leak included more than 15,000 files, including passwords, personal identification numbers and payment card data.

In October 2018, an attack on the Pakistani banking system resulted in the theft of details relating to more than 19,000 debit cards, including 25 cards issued by a Bahraini bank operating in Pakistan.

In February 2013, a bank in Oman said 12 of its credit cards had been compromised in an alleged hack originating outside the sultanate.

Updated: May 17, 2022, 04:12

!function(f,b,e,v,n,t,s) {if(f.fbq)return;n=f.fbq=function(){n.callMethod ? n.callMethod.apply(n,arguments):n.queue.push(arguments)}; if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′; n.tail=[];t=b.createElement(e);t.async=!0; t.src=v;s=b.getElementsByTagName(e)[0]; s.parentNode.insertBefore(t,s)}(window, document,’script’, ‘https://connect.facebook.net/en_US/fbevents.js’); fbq(‘init’, ‘797427810752825’); fbq(‘track’, ‘PageView’);

Sylvia B. Polson