The National - News

GCC banks ‘cut cyber risks by investing in security’

- Alkesh Sharma

GCC banks are managing their exposure to cyber risks effectivel­y through investment in digital security, according to S&P Global Ratings.

Strong profitabil­ity, capitalisa­tion and liquidity provide a financial buffer to the region’s lenders against potential cyber incidents, the rating agency said in a report.

Gulf banks have managed to move their activities online during the Covid-19 pandemic with minimal disruption, owing to “years of investment in infrastruc­ture and systems”.

They have reported only a “handful of minor cyber attacks” over the past decade, the report said.

The pandemic has accelerate­d digitisati­on of the global banking sector – a trend that was already under way in the Gulf – at an unpreceden­ted rate. More consumers began transactin­g online at the peak of the pandemic-induced movement curbs.

Amid the accelerate­d digital transforma­tion and online purchasing, cyber risk emerged as one of the major threats to the operations and credit profiles of financial institutio­ns, S&P said.

“GCC banks laid the foundation for success over several years by investing in infrastruc­ture and systems, including equipment and software, to minimise their exposure to cyber risk … while also benefiting from supportive regulatory frameworks and cyber risk requiremen­ts,” the rating agency said.

“There have been no major interrupti­ons to the operations of banks in GCC countries … GCC banks’ exposure to cyber risk is manageable, assuming they continue to invest in cyber security and proactivel­y manage risk, taking into considerat­ion the evolving nature of threats.”

Cyber attacks have risen sharply in recent months, with a World Economic Forum report calling 2021 an “unpreceden­ted year for cyber crime in terms of volume and severity”.

Globally, cyber criminal activities were projected to inflict damage worth about $6 trillion last year, a study by research company Cybersecur­ity Ventures found.

Cyber crime costs are expected to increase nearly 15 per cent on a yearly basis worldwide over the next three years to reach $10.5tn annually by 2025 – from $3tn in 2015, the California-based firm said.

Over the years, the GCC banks have adopted strong regulatory frameworks focused on improving cyber security.

For example, the Central Bank of the UAE last year establishe­d a networking and cyber security operations centre to protect the local financial system against cyber attacks.

The Saudi Central Bank’s cyber security framework, issued in 2017, defined requiremen­ts around governance, risk management, compliance, operations, technology and the use

of third-party cyber security services by regulated entities. This year, those rules were supplement­ed with a document on cyber threat intelligen­ce principles.

The Central Bank of Qatar also published a circular in 2018 outlining the regulatory requiremen­ts banks must fulfil to effectivel­y manage cyber risk.

Cyber risks range from a temporary interrupti­on of services to a complete shutdown of IT systems.

They can harm banks’ credit profiles through reputation­al damage, as well as monetary loss. In extreme cases, they could have negative implicatio­ns on liquidity through a sudden outflow of funds.

Data breaches are among the biggest risks, said an S&P report supported by data from cyber security specialist Guidewire.

The data estimated that GCC’s top 19 banks would suffer an average 7.5 per cent fall in net income and a 0.6 per cent decline in equity (based on figures from the end of last year) under a high-severity cyber incident. The banks’ average operationa­l risk capital charge was 3.6 per cent of the total equity.

“Data suggests that GCC banks appear to have sufficient operationa­l risk capital to cover losses related to cyber risk,” S&P said.

GCC banks have faced sporadic cyber attacks in the past.

Hackers claimed to have gained access to the servers of one bank in the Gulf and leaked personal data of its customers, S&P report said. Documents were subsequent­ly posted to the whistleblo­wer site Cryptome in April 2016. The leak comprised more than 15,000 files, including passwords, personal identifica­tion numbers and payment card data.

 ?? Alamy ?? Covid-19 has accelerate­d digitisati­on of the banking sector
Alamy Covid-19 has accelerate­d digitisati­on of the banking sector

Newspapers in English

Newspapers from United Arab Emirates