Financial Crime World

Saudi Arabia’s Financial Institutions Brace for Cyber Threats Amid Digital Transformation

As Saudi Arabia embraces a more digitized future, the country’s financial sector is rapidy adapting to offer customers enhanced digital services in line with global trends. However, this shift towards modernization brings new cybersecurity risks that must be addressed.

A Financially Lucrative Target

With personal and financial information at stake, the financial industry is a prime target for cybercriminals. A successful attack can cause far-reaching damage, disrupting the broader economy.

Growing Cyber Threats

The financial services sector is a notable target of cybercrime in Saudi Arabia. According to a report by Ponemon Institute, costs for each company in the industry reach approximately $18.3 million per year. With the pandemic leading to a shift to remote work, e-commerce activity, and financial technology adoption, operational planning lapses have left Saudi Arabia’s financial sector particularly vulnerable.

IBM research revealed a 6% increase in data breach costs during the pandemic, averaging $6.93 million per breach in Dubai and Saudi Arabia.

Defensive Measures

To safeguard against cyber threats, financial institutions must take proactive steps:

  1. Conduct a thorough risk assessment to identify vulnerable business areas.
  2. Implement robust identity and access management controls, such as multi-factor authentication, password management, and activity monitoring.
  3. Encrypt sensitive data at all times.
  4. Have a dedicated cybersecurity team in place, equipped with the latest security tools and knowledge of the latest cybercriminal tactics.
  5. Prepare a well-prepared disaster recovery plan to restore both data and systems in the event of a cyberattack.

Cybersecurity Expertise and Regulatory Landscape

The Saudi Arabian regulatory environment for cybersecurity is constantly evolving. In response to unique threats to the financial sector, the Saudi Arabian Monetary Authority (SAMA), now known as the Saudi Central Bank, introduced a new Cyber Security Framework in 2017.

Financial institutions in Saudi Arabia must now align with the Saudi Personal Data Protection Law, which took effect in March 2022. This legislation applies to any company or organization handling the personal data of Saudi residents, with compliance involving registration, annual fees, and the appointment of a local representative if the company lacks a legal presence in the Kingdom. Failure to comply could lead to imprisonment and fines of up to SAR 5 million.

With stringent new regulations and a rapidly changing digital landscape, financial institutions must take a more proactive approach to cybersecurity to protect customers’ data and secure their digital systems.

To learn more about cybersecurity solutions, contact Ahmad Al Zoubi.