Business Sector

How secure are GCC banks compared to their global counterparts?

Keshin Pandit

07 October 2024

The modern banking industry is based on an amalgamation of traditional banking services and digital infrastructure. The advent of digital banking has transformed the banking industry by improving customer experience, increasing operational efficiency, and reducing costs. This rapid development has also led to the rise of a few key challenges such as cybersecurity and data protection.

 

The financial sector accounts for 9% of cyber-attacks globally with over 10 terabytes of data stolen monthly [1] , with global banks being the primary targets. Statistics indicate that cybercrime has increased by 600% since the COVID-19 pandemic and ~90% of all financial institutions have experienced a ransomware attack over the past year. Also, a malware attack can cost a company ~USD 6.1 million (including the time needed to resolve the attack). This has led to the sector resulting in the second highest losses per breach after the healthcare sector.

 

Source: a) Purple Sec. DOS/DDoS – Denial of Service/Distributed Denial of Service. b) IBM. The cost incurred per breach in a sector; IBM’s survey includes 604 participants from 17 industries spread across 16 countries and geographic regions.


Global banks on a frequent basis encounter a plethora of cyber-attacks which has led to an increase in cybersecurity investment with future projections indicating an exponential increase in spending.


Notable Cyber Incidents in Global banks




Source: Various


Meanwhile, banks in the GCC region which have grown significantly over the past two decades with combined assets worth over USD 2.5 trillion dollars, have also been kept on their toes when it comes to maintaining cyber resilience. Banks in the region face frequent cyber-attacks, with Kuwait, Saudi Arabia, and the UAE being the most affected countries {2}. The cost of breach in the MENA region is the 2nd highest in the world at USD 8.8 million ranking behind the USA.


Source: IBM. The cost incurred per breach in a country/region; Benelux – Belgium, Netherlands, Luxembourg



Notable Cyber Incidents In GCC


Source: S&P Global


Thus, following the lead of global banks, GCC banks are also estimated to increase their spending on cybersecurity in the coming years. The emphasis placed on cyber resilience is bound to increase exponentially but, it comes at a time when industries across the globe are witnessing a paradigm shift in operations with the integration of artificial intelligence (AI).

Even as the pace and scale of cyber-attacks rises, organizations are contending with an issue of shortfall of skilled cyber professionals along with time constraints. However, advancement in security AI and automation technology has helped level the playing field to an extent. Security AI can help organizations to detect and tackle cyber incidents with greater speed and effectiveness. Organizations with fully deployed security AI and automation have experienced few key advantages including:


  • USD 3.1 million average reduction in data breach costs for organizations with fully deployed security AI and automation.
  • The average time taken to detect, respond and recover from breach reduced from 230 calendar days to 99 days by adopting security AI.

      


However, just like any other new age technology, AI also has certain drawbacks and vulnerabilities because of the complex implementation required and dependency on data quality which could result in false positives, data manipulation, and more.

 

Thus, security AI in its current state requires organizations to perform a sensitive balancing act which ensures that they stay ahead of the curve in AI adoption while ensuring minimum short-term exposure.


This also begs the question, as to how GCC banks in fair compare to their global counterparts in cybersecurity. Banks in the region have reported only a handful of minor cyber incidents over the past decade. GCC banks successfully moved their activities to online platforms during the pandemic with minimal disruption, because of years of investment on necessary infrastructure coupled with strong profitability, capitalization, and liquidity profiles.

 

However, the level of exposure faced by GCC banks is bound to increase moving ahead with the projected losses resulting in a decline of 7.5% in net income under a high – severity cyber incident. In addition, the banking sector is combating a shortage of professionals to fill high-paying cybersecurity jobs, with the compensation for the same positions being higher in tech than in finance. With cybersecurity job openings set to grow at one of the fastest paces across the economy over the next 10 years, and tech firms having a firm leg up on hiring initiatives, the years-old talent gap could prove to be a liability for banks also facing a rise in cybercrime.