GCC banks step up cybersecurity to combat emerging threats

February 19, 2024
1 min read



TLDR:

  • No significant losses from cyber incidents for rated GCC banks
  • Success in managing cyber-related risks due to investments in infrastructure and systems

According to a report from S&P Global, GCC banks have not reported significant financial losses from cyber incidents in the past two years. Investments in infrastructure and systems have helped minimize exposure to cyber risks, demonstrating the high priority that senior management and boards place on cyber security. Data from Guidewire suggests that rated GCC banks have manageable exposure to cyber risk, with sufficient operational risk capital buffers to absorb unexpected losses. The region’s vulnerability to cyber criminal activity appears relatively manageable, with no significant losses reported by GCC banks.

GCC banks’ strong profitability provides robust shield against potential losses from cyber incidents

The significance of cyber risk as a threat to global financial institutions is growing, but Gulf Cooperation Council (GCC) banks are actively prioritizing their defense against this danger, according to a new report from S&P Global. In the past two years, no noteworthy cyber attacks or losses have been reported by GCC-based banks. While it is possible that some attacks may have gone unreported, the absence of significant losses in financial reports and the relatively low operational risk capital charges suggest that any incidents were likely minor in nature.

According to cyber security specialist Guidewire, there was a 34.3 percent likelihood that a specific bank would be targeted by a cyber attack as of the end of 2023. Banks and financial companies ranked as the sixth most targeted sector, with an average of 1,131 weekly attacks in 2022.

The success of GCC banks in managing cyber-related risks is not a coincidence. These banks have made investments in infrastructure and systems to minimize their exposure to cyber risk. S&P Global Ratings considers cyber risks for GCC banks to be manageable, supported by data from Guidewire. While the GCC region’s vulnerability to cyber criminal activity appears relatively manageable, the UAE accounted for a significant portion of dark web threats, ransomware attacks, and phishing campaigns.

Furthermore, none of the GCC banks that S&P rated have reported significant financial losses or reputational damage resulting from cyber incidents in the past two years. The banks have sufficient operational risk capital buffers to absorb unexpected losses, with operational risk capital charges representing 12.0 times the modeled loss.

Overall, the GCC banks’ strong profitability provides a robust shield against potential losses from cyber incidents, thanks to their proactive approach to cyber security and risk management.


Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and