Financial Crime World

Cybercrime Threat Looms Large Over Oman’s Financial Institutions: New Regulatory Framework Aims to Mitigate Risks

Introduction

As the year 2020 began on a hopeful note for Oman United Insurance Company SAOG, a ransomware attack struck its main servers, encrypting data from December 10, 2019, to January 1, 2020. This incident highlights the vulnerability of Oman’s financial institutions to cybercrime.

The Threat

In 2019, Oman recorded an astonishing:

  • 123 million Web application attempts
  • Over 417,000 confirmed attacks and losses exceeding $1 million

Although the number of confirmed attacks decreased by 13% compared to 2019, it remains a significant concern for the country’s financial sector.

Government Response

The Oman government has taken steps to improve its cybersecurity stance through:

  • Intense security assessments of government websites
    • Exposing over 41,000 vulnerabilities and 13,000 Internet Protocol addresses that were subsequently fixed
  • The establishment of the Oman Computer Emergency Readiness Team (OCERT) in 2010, which plays a crucial role in detecting and analyzing cyber-risks, raising awareness at the national level

New Regulatory Framework

The Central Bank of Oman (CBO) has recently issued a new Regulatory Framework for Cybersecurity and Resilience to strengthen the financial industry’s defenses against cyber threats. The framework sets minimum requirements for banks, financing and leasing companies, payment service providers, and money exchange companies to implement robust security measures.

Control Domains

The framework is organized into six “Control Domains” or pillars, focusing on:

  • Third-Party Supply Chain Management
  • Online Financial Services
    • …and others

By adhering to this new framework, financial institutions in Oman will enhance their capabilities to safeguard against various types of cyber threats, minimize potential damage control, and maintain customer trust.

Impact

The implementation of this regulatory framework is expected to:

  • Reduce the likelihood of successful cyberattacks
  • Avoid significant financial losses associated with data breaches and cybercrimes
  • Foster confidence among investors and the general public, promoting stability in Oman’s financial market
  • Meet international security standards, attracting international investments and partnerships

Conclusion

The new framework is a step towards bolstering cybersecurity measures in Oman’s financial institutions, ultimately enhancing customer trust that their financial transactions and sensitive information are secure.