Banks in the Gulf Co-operation Council (GCC) are managing their exposure to cyber risk effectively, including through investment in digital security, S&P Global Ratings has said in a report.
Banks in the GCC have reported only a handful of minor cyberattacks over the past decade. Yet, management of cyber risk has taken on greater importance as the region's banks moved activities to online platforms during the pandemic, S&P Global Ratings said in a report entitled ‘Gulf Banks' Strong Capitalisation Supports Resilience to Cyber Risk’, published Tuesday.
That shift has been conducted with minimal disruption, thanks to years of investment in infrastructure and systems. At the same time the banks' strong profitability, capitalisation, and liquidity provide a financial buffer against potential incidents, said S&P Global Ratings.
Guidewire, a cyber security specialist, estimates that the region's top 19 banks (for which data was available) would suffer an average 7.5% fall in net income and a 0.6% decline in equity, based on figures from the end of 2021, under a high-severity cyber incident; at the same time, the banks' average operational risk capital charge was 3.6% of total equity.
“We believe the data suggests that GCC banks appear to have sufficient operational risk capital to cover losses related to cyber risk.
The risk of cyberattacks appears even higher for banks with greater geographic diversification (particularly those with operations in regions more prone to cyber-attacks than the GCC) and banks with extensive retail operations, which have proven more likely to attract the interest of hackers.”
Guidewire's findings suggest that the cyber risk profile of GCC banks is comparable to developed markets, rather than emerging market banks. It is notable that emerging markets are significantly more prone than the GCC to indirect business interruption issues, which stem from problems at third-party service providers.
“That could be explained by GCC countries' significant investment in infrastructure, which appears to have reduced indirect business interruption risks,” S&P Global Ratings said.
Banks in the GCC have reported only a handful of minor cyberattacks over the past decade. Yet, management of cyber risk has taken on greater importance as the region's banks moved activities to online platforms during the pandemic, S&P Global Ratings said in a report entitled ‘Gulf Banks' Strong Capitalisation Supports Resilience to Cyber Risk’, published Tuesday.
That shift has been conducted with minimal disruption, thanks to years of investment in infrastructure and systems. At the same time the banks' strong profitability, capitalisation, and liquidity provide a financial buffer against potential incidents, said S&P Global Ratings.
Guidewire, a cyber security specialist, estimates that the region's top 19 banks (for which data was available) would suffer an average 7.5% fall in net income and a 0.6% decline in equity, based on figures from the end of 2021, under a high-severity cyber incident; at the same time, the banks' average operational risk capital charge was 3.6% of total equity.
“We believe the data suggests that GCC banks appear to have sufficient operational risk capital to cover losses related to cyber risk.
The risk of cyberattacks appears even higher for banks with greater geographic diversification (particularly those with operations in regions more prone to cyber-attacks than the GCC) and banks with extensive retail operations, which have proven more likely to attract the interest of hackers.”
Guidewire's findings suggest that the cyber risk profile of GCC banks is comparable to developed markets, rather than emerging market banks. It is notable that emerging markets are significantly more prone than the GCC to indirect business interruption issues, which stem from problems at third-party service providers.
“That could be explained by GCC countries' significant investment in infrastructure, which appears to have reduced indirect business interruption risks,” S&P Global Ratings said.