Financial Crime World

Cybercrime on the Rise in Oman’s Banking Industry: Central Bank Issues New Regulatory Framework to Combat Threats

The Omani banking industry has been grappling with a growing threat of cybercrime, with the country recording a staggering 123 million web application attempts and over $1 million in losses in 2020. Despite a 13% decrease in confirmed attacks compared to the previous year, the number remains alarming, highlighting the need for robust cybersecurity measures.

A Growing Concern

  • In 2020, Oman recorded:
    • 123 million web application attempts
    • Over $1 million in losses
  • Although confirmed attacks decreased by 13%, the number is still concerning and requires attention

An Example of Cybercrime: Oman United Insurance Company SAOG

On January 1, 2020, Oman United Insurance Company SAOG was hit by an attack, resulting in the loss of data dated from December 10, 2019, to the day of the attack. However, thanks to a robust backup system, the company was able to recover lost data within a day.

Proactive Measures

Oman has been proactive in addressing its cybersecurity concerns:

  • The Ministry of Technology and Communication launched intense security assessments on government websites, exposing:
    • Over 41,000 vulnerabilities
    • 13,000 internet protocol addresses that were discovered, analyzed, and fixed by the ministry
  • The Oman Computer Emergency Readiness Team (OCERT), launched in 2010, has been instrumental in detecting and analyzing cyber-risks in the country and raising cyber awareness at the national level

Impact of OCERT’s Efforts

As a result of OCERT’s efforts:

  • The number of attempted cyberattacks in Oman plummeted from 880 million in 2017 to 12 million in 2022

New Regulatory Framework: Central Bank of Oman (CBO)

To further strengthen its cybersecurity stance, the CBO has issued a new regulatory framework for cybersecurity and resilience. The framework requires banks, financing and leasing companies, payment service providers, and money exchange companies to meet minimum requirements to build a financial industry resilient against cybersecurity risks.

Six Control Domains

The new regulation is organized into six control domains or pillars, each representing a distinct area of focus and guidelines for implementing security measures:

  • Third-party supply chain management
  • Online financial services
  • And others

Goals of the New Framework

By implementing this framework, the CBO aims to:

  • Establish guidelines for licensed institutions to handle cybersecurity risks
  • Maintain uniformity in their ability to manage such risks
  • Enhance the capabilities of banks and financial institutions in Oman to safeguard themselves from various types of cyber threats
  • Minimize potential damage control
  • Promote stability in the country’s financial market

International Standards and Foreign Investments

The new framework could:

  • Promote international security standards
  • Attract foreign investments and partnerships
  • Enhance customer trust as security measures assure customers that their financial transactions and sensitive information are safe