GCC Banks’ strong investment supports resilience to cyber risk; S&P

By Arya M Nair, Official Reporter
  • Follow author on
Representational image

GCC banks have laid the foundation to minimize their exposure to cyber risk through investments in digital security, according to the S&P Global Rating agency.

Over the last decade, only a few digital breaches and cyberattacks have been recorded by GCC banks. While some may have gone undetected, given that these were minor incidents with the absence of significant losses in financial reports and the banks’ relatively low operational risk capital charges.

S&P’s view of manageable cyber risk for GCC banks is supported by data from cyber security specialist Guidewire. It estimates that the region’s top 19 banks would suffer an average 7.5 percent fall in net income and a 0.6 percent decline in equity, based on figures from the end of 2021, under a high-severity cyber incident, at the same time, the banks’ average operational risk capital charge was 3.6 percent of total equity.

According to the agency, GCC banks’ low cyber risk exposures are underpinned by significant investment in infrastructure, equipment, and software, including for cyber risk mitigation, local regulatory frameworks and requirements centered on cyber security.

The notable cyber incidents in GCC include a breach and leak of the personal data of a Qatari bank’s customers by hackers. Documents were subsequently posted to the whistleblower site Cryptome in April 2016. The leak comprised more than 15,000 files, including passwords, pin numbers, and payment card data.

In February 2015, the website of a Saudi bank was reportedly taken down by a cyberattack and an Omani bank said that 12 of its credit cards were compromised in an alleged hack originating from outside Oman, in February 2013.

In October 2018, an attack on Pakistan’s banking system resulted in the theft of details relating to more than 19,000 debit cards, including 25 cards issued by a Bahraini bank with operations in Pakistan.

A study by research company Cybersecurity Ventures noted that globally, cyber criminal activities were projected to inflict damage worth about $6 trillion in 2021. Cyber crime costs are expected to increase nearly 15 percent on a yearly basis worldwide over the next three years to reach $10.5 trillion annually by 2025, from $3 trillion in 2015, the California-based firm said.

Related: GCC central banks raise benchmark interest rates to curb inflation