GCC banks’ strong liquidity backs resilience to cyber risk

The top cyber security threats in 2022 for banks include ransomware, ongoing risks from remote work, rising cloud-based cyber attacks, social engineering, and supply chain attacks, according to cyber security experts.

Banks in the GCC are managing their exposure to cyber risk effectively through investment in digital security, according to S&P Global Ratings.

While GCC banks have reported only a handful of minor cyber-attacks over the past decade, management of cyber risk has taken on greater importance as the region's banks moved activities to online platforms during the pandemic, the rating agency said in a report.

“That shift has been conducted with minimal disruption, thanks to years of investment in infrastructure and systems. At the same time the banks' strong profitability, capitalization, and liquidity provide a financial buffer against potential incidents,” said S&P Global Ratings in its report "Gulf banks' strong capitalisation supports resilience to cyber risk."

Guidewire, a cyber-security specialist, estimates that the region's top 19 banks would suffer an average 7.5 per cent fall in net income and a 0.6 per cent decline in equity, based on figures from the end of 2021, under a high-severity cyber incident; at the same time, the banks' average operational risk capital charge was 3.6 per cent of total equity. “We believe the data suggests that GCC banks appear to have sufficient operational risk capital to cover losses related to cyber risk.”

The top cyber security threats in 2022 for banks include ransomware, ongoing risks from remote work, rising cloud-based cyber attacks, social engineering, and supply chain attacks, according to cyber security experts.

They said weak cyber security in the banking sector can compromise customers. The cost of recovering from a breach can be enormous and time-consuming.

In the first half of 2021, ransomware attacks in the banking industry increased by a whopping 1318 per cent which was disproportionate to other industries, according to a report from Trend Micro.

The New York Federal Reserve noted in a report that financial firms experience cyberattacks 300 times more than other industries – highlighting how attractive this sector is to cybercriminals.

Analysts said the main reasons to be vigilant around cybersecurity trends include: An increase in cashless transactions means that more financial transactions than ever before are digital.

The risk of cyberattacks appears even higher for banks with greater geographic diversification, particularly those with operations in regions more prone to cyber-attacks than the GCC,and banks with extensive retail operations, which have proven more likely to attract the interest of hackers.

Guidewire's findings suggest that the cyber risk profile of GCC banks is comparable to developed markets, rather than emerging market banks.

“It is notable that emerging markets are significantly more prone than the GCC to indirect business interruption issues, which stem from problems at third-party service providers. That could be explained by GCC countries' significant investment in infrastructure, which appears to have reduced indirect business interruption risks,” S&P report said. — issacjohn@khaleejtimes.com

• Dubai