
The Significance of Cybersecurity System in Helping Managing Risk in Banking and Financial Sector

Authors:
Prof. Adel Ismail AL-ALAWI*
University of Bahrain, College of Business Administration,
Department of Management and Marketing
P.O. Box 32038,
Kingdom of Bahrain
*Corresponding Author
Ms. Sara Abdulrahman AL-BASSAM
Arabian Gulf University, College of Graduate Studies,
Department of Innovation & Technology Management
Arabian Gulf University,
P.O. Box 26671, Kingdom of Bahrain
Abstract:
The purpose of this study is to demonstrate the significant effect and the benefits of applying cybersecurity in the
organization's systems, focusing on the banking sector. Also, this study aims to encourage the application of
cybersecurity in order to maintain information safely as well as managing information risk effectively. However,
many banking and financial organizations are still conservative regarding the application and use of cybersecurity. In
fact, these financial institutions may be unaware of the benefits associated with cybersecurity. Additionally, the
increased costs of its application could be a reason for its rejection. Accordingly, several questions were raised to
determine the level of knowledge and skills related to cybersecurity in these banks.
Methodology - To answer the research questions, an online questionnaire was distributed to 100 bankers in 26 banks,
and only 35 responded, from Conventional banks, Islamic Banks, Insurance Companies, Investment Banks, and
Capital Market. They were advised to forward the survey hyperlink to their coworkers and colleagues in the same
and different banking and finance sectors. The majority, almost 87%, were from Conventional and Islamic
banks. Subsequently, results were obtained and analyzed using Google Forms.
Findings - The questionnaire aimed to identify the types of risks that have affected financial institutions in Bahrain
and the frequency of occurrence. Respondents stated that banks are exposed to three main risks, which are online
identity theft, deliberately damaging computer systems, and hacking. In addition, banks are facing cyber-attacks
frequently. About 26% of financial institutions encountered online identity theft, while 23% experienced
intentional damages to computer systems, and 11% faced hacking attempts. This variety of cyber threats is evidence
that cybersecurity is escalating and evolving, at least quarterly, to the extent that it is disrupting operations. The
questionnaire was targeted to investigate the role of the board of directors and other executive directors in eliminating
the threats of cyber-attacks. Consistently, the results showed that cyber-attacks are immediately reported to the board
of directors to take further actions. The respondents also agreed that the board of directors expresses its deep concern
about these attacks and puts forward different attempts to reduce cybersecurity risks. The study shows that the
enforcement of security policies, providing security with appropriate funding and mandating security awareness
training is among the most utilized methods by the board of directors and executive managers to reduce cyber
risks. An important factor to determine the effectiveness of the cybersecurity method adopted is the knowledge and
skills of the team of employees that deal with cyber attempts. Furthermore, the result shows that the significant skills
gap that the organization sees in its employees is the lack of the essential technical skills that all employees should
have to respond to the various cyber-attacks. Also, the results revealed that communication is another skill that the
employees lack. Without these two critical skills, the organization will face difficulties in responding to complex or
even simple issues.
Recommendations - As cybersecurity issues continue to evolve, they are now the core focus of financial institutions'
boards of directors (BOD). Consequently, a variety of recommendations were proposed for banks, including the need
to enhance the awareness of cybersecurity as well as improving employees’ technical skills.
Research limitations - A number of limitations were faced by this study; the main restriction was the limited number
of responses and the amount of feedback collected from the questionnaire, as more responses would have added a
higher value for this study.
Research value - Despite the limitations, the study enhanced our understanding of cybersecurity and its importance
for institutions of the banking sector, as they can use these results as guidelines for improving their employees’ skills
in detecting various cyber-attacks. In addition, these findings are of significant importance in extending the
Journal of Xidian University
VOLUME 14, ISSUE 7, 2020
ISSN No:1001-2400
http://xadzkjdx.cn/
https://doi.org/10.37896/jxu14.7/174
1523
knowledge of cybersecurity and its impact on these financial institutions. Furthermore, banks can be assisted by this
study as it provides beneficial recommendations regarding cybersecurity.
Keywords: Cyber Security, Risk, Security, Cyber-attacks, Banking and Financial Sector, Cyber threats, Bahrain
Introduction
With the rapid growth in the technological environment nowadays, many organizations, whether large or small, have
full reliance on the use of information systems in their daily operations, which creates a need for the organization to
take into consideration effective strategies regarding information security in order to protect the institution's sensitive
and valuable databases from being stolen or attacked by cybercriminals.
The global banking system has faced significant changes within the last few years in terms of processes, transactions,
and operations, which are influenced by technology and its innovations within recent trends. However, there are
specific concerns within systemic operations and information technology innovation. Banks are depending on third-
party systems to offer several digital services. Thus they depend on systems that are out of their control. This has
raised the awareness of hackers and criminals of technological threats and weaknesses that would allow them to hack
banking systems and steal valuable information and funds. Cyber threats and attacks are challenging due to the rapid
change in technologies. Banks should take into consideration cyber-attacks in order to protect their clients; the study
will provide a base for future studies in terms of threats and strategies against cyber-attacks and to examine protection
strategies implemented by banks, and awareness that banks and clients are familiar with in terms of cyber threats and
security.
Cybersecurity is a process designed to defend the computers, servers, networks, and digital data from unauthorized
access and destruction or attack in cyberspace. Organizations must be concerned about the safeguarding of their
financial data, intellectual properties, and their reputation as a crucial part of their business strategy. The goals of
businesses and governments in their use of the cybersecurity component are not only to protect their confidential
information but also to ensure the availability of the information and maintain its integrity.
As information security is part of the national security of any country, many countries try to develop a comprehensive
strategy to ensure information security in cyberspace. Many countries have realized that the technological boom leads
to security challenges for the nation and citizens, so they must work to ensure the security of information through
cybersecurity, which depends on the means of technical and legal resistance to the illegal use of information.
According to a study, the Cyber Security Centre of UK Government (2017) stated that nearly 50% of UK companies
were affected by cyber breaches or attacks in the last year. Despite this, the UK Government has promised to put in
$2.5 billion to defend the country from cyber-attacks to help prepare and make the UK the securest area to live in and
to conduct business online. Institutions must take the initiative to secure digital consumer data. They are providing
cyber awareness programs, e-training, foundation cyber courses, and free consultations.
However, the government expert in the Kingdom of Bahrain has noted that the phenomenon of cybersecurity tasking
will be soon undertaken in the Kingdom; moreover, the country has already started a cybersecurity awareness
campaign within the government as well as organizations to explain how cybersecurity is needed as a protection
against any online risk or threats, and about the need for the right infrastructure in order to protect the government
and organizations from data breaches. Nonetheless, the government stated that it may take around four years to hire
this IT-security staff as well as to train their staff to build up good cybersecurity knowledge.
Despite the prominent role of the government in working on the application of this strategy in Bahrain over recent
years through active participation in regional conferences and raising awareness among citizens (Al-Alawi, 2005), the
successful implementation requires concerted efforts and cooperation of all parties, whether government
organizations, private sector or international parties.
Nevertheless, cybersecurity is a key concept to introduce in many organizations due to the increased reliance on
technology in conducting business. Thus, firms across the world need to be aware of the significance and application
of cybersecurity. One of the main objectives of cybersecurity is to protect the data and information from illegal theft
and damages as these acts have increased widely in recent years. Some of the advantages of cybersecurity are to
facilitate the work of the organization, increase customer satisfaction, reduce paperwork, and to improve cash flow,
safety, and security. At the same time, the disadvantages include fraud risk, legal risk, and technical risk.
According to ISACA (2017), the phrases “cybersecurity” and “information security” are frequently used
interchangeably, but in actuality, cybersecurity is a part of information security. In particular, the phrase
cybersecurity is used as an alternative expression for IT security and information risk management. Nevertheless,
cybersecurity is referred to as part of information technology security, and it primarily focuses on the protection of
computers, programs, and digital data and assets from unauthorized access or destruction. Usually, cybersecurity
signifies what might be anticipated to preserve and safeguard institutions and people from planned “attacks, breaches,
incidents and consequences”.
Nowadays, the study of cybersecurity is of great significance as it is known that the government, corporations, and
financial institutions deal with confidential information via information technology and at times transfer data
across networks to other computers. So the data needs to be safeguarded. To deal with this at first, every
organization should have a process for identifying cybersecurity risks which can be identified through
classified information, tools to measure risk, communicate risk and identify threats.
After the identification of risks, the firm must take an overview of the capability of protecting and
maintaining the systems and devices. However, evolving risks of cyber-attacks and new fraud patterns are
met with the new and evolving ways of meeting consumer demands.
The purpose of this study is to demonstrate the significant effect and the benefits of applying cybersecurity in the
organization's systems, focusing on the banking sector. Also, this study aims to encourage the application of
cybersecurity in order to maintain information safely as well as managing information risk effectively. However,
many organizations are still conservative regarding the application and use of cybersecurity. In fact, these
organizations may be unaware of the benefits associated with cybersecurity. Additionally, the increased costs of its
application could be a reason for its rejection.
Financial institutions hold valuable information about their clients and huge amounts of funds; this creates threats due
to the rise of technical abilities within banking transactions and operations. Criminals and hackers are aware of these
threats. They can use technological processes to attack the cybersecurity of the financial institutions and steal clients’
information and funds in cases of breaching. Cyber threats are considered to be a massive issue within the banking
sector, and thus banks should be up to date with new technological trends to protect their data. There is a lack of
knowledge and skills, top management support, and professional skills among cybersecurity workers in the field.
This study raises the following questions:
To what extent are banks confident of their cybersecurity knowledge and skills?
How does the organization’s executive team in the banking sector support the implementation of
cybersecurity?
What are the crucial skills of cybersecurity professionals?
How do these organizations develop the required skills for cybersecurity in their employees?
To what extent is cybersecurity able to detect threats?
In order to answer the previous questions, a questionnaire is distributed to 26 financial institutions classified as
Conventional banks, Islamic Banks, Insurance Companies, Investment Banks, Capital Market and Specialized Banks
located in the Kingdom of Bahrain, to be filled by their managers and employees. Subsequently, data collected is
analyzed to enhance the significance of this study as well as answering the proposed questions.
This study is mainly limited by the constraints of time. Additional time would have enabled the research to go into
more detail. Moreover, the limited number of studies conducted in this field formed a restriction on the amount of
available data considering cybersecurity. Furthermore, the amount of feedback obtained from the questionnaire
formed a limitation for this study.
The present study comprises five sections. Following this introduction is the review of related literature, with the
methodology in the third section, results and discussion in the fourth section, and finally, recommendations and
conclusion in the fifth section.
Literature Review
Introduction
Over the past decades, the primary concern of a financial institution's security system was to secure its physical data
and its buildings. Today, in contrast, the continuously evolving technology has played a significant role in
transforming the classical business functions to be highly innovative and facilitate the banks' operations. However, a
highly technology-oriented institution may encounter various challenges, many of which can lead to information
breaches and hackers' attempts to destroy valuable assets. As a result, financial institutions are required to be
cautious and observant of such threats through the adoption of cybersecurity systems to manage and control these
risks.
The Status of Cybersecurity in Banking
BBA and PWC (2014) stated that cyber threat has spread across the world, and thus strategies should be implemented
in order to overcome the threats. Banks' cyber responsibilities are divided among their various departments, which
could cause some difficulties in figuring out and prioritizing threats as well as which procedures should be taken to
respond to threats (Al-Alawi, Al-Bassam & Mehrotra, 2020). Furthermore, intrusion into the banking system is
considered to be the highest attack because it can steal, modify, and delete the bank’s data. Hackers can control the
banking network by taking advantage of the hardware, software, and human vulnerabilities, thus resulting in
catastrophic consequences. The effect of security attacks on the bank includes damages to the bank's reputation,
affecting the stability of the financial market and influencing share prices.
Summerfield (2014) argued that digital technology has a significant impact on the banking sector. Financial
institutions depend heavily on third parties in terms of technological and digital solutions to carry out transactions and
operations. Therefore, banks had upgraded to technological aspects to raise their efficiency. Regardless of the
positive effects of technology within the banking sector, there are a number of negative effects of technology,
including cyber-crimes, which have been increasing recently. Summerfield (2014) added that the world’s top 50
banks’ websites had been attacked, which has caused losses equal to $1 billion annually. Cybersecurity can be a
competitive advantage to banks, and thus, banks should increase security measures to protect their data and gain
customers’ trust.
Cawley (2017) explained that the banking sector is fighting to keep pace with high trends of technological
innovations, especially with regulations related to operations of the banking system. The technological inheritance is
an inconvenience to clients and has key security risks for banks and their clients. Cawley stated that two-factor
authentication, for instance, is a security implementation against cyber-attacks to protect the bank accounts of clients.
Banks would send codes to clients’ mobiles prior to log-in; in this case, attackers would need access to both the mobile
and the computer to access the account information and financial transactions. Regardless of the effectiveness of
the procedure, several financial institutions are not using two-factor authentication in order to secure the banking
accounts and information of their clients. He explained the situation in a Bangladeshi bank, which has vulnerabilities
within the computer system of the bank. They detected malware in the customer computer system; attackers use this
malware to bypass risk controls and start the process of transferring funds. Kuepper (2017) argued that clients
experience low losses from banking cyber-attacks because they would quickly respond to missing funds by informing
the bank. In the USA, the law requires banks to refund the client in the case of theft of funds from their account
without their authorization, in the case where the client has notified the bank of the loss within 60 days of the
transaction.
McGoogan (2017) indicated in The Telegraph that fraud from financial cyber-attacks against banking and financial
services institutions cost end-users more than $10.5bn in 2016, and it increased by 122% from the previous year.
Online transactions increased by 10% for the same period. Therefore, online creditors are under intensifying stress
to implement stronger and smarter authentication mechanisms to accelerate authentic and proper loans and terminate
fraud. Table 1 illustrates the ten most common cyber-crimes in the UK, with the number of cases reported in the year to
June 2016 by McGoogan (2017). [1]
[1] Office for National Statistics https://www.ons.gov.uk
Table 1: The Ten Most Common Cyber-crimes in the UK based on the actual data from the Office for National
Statistics
| No | Common Cyber-Crime | No of Reported Cases | Remarks |
|----|--------------------|----------------------|---------|
| 1 | Bank account fraud | 2,356,000 | 25% of customers opened “Phishing” emails. |
| 2 | Non-investment fraud | 1,280,000 | A Ponzi scheme is a fake investing scam guaranteeing huge percentage of return with barely any risk to investors. The Ponzi scheme generates high returns for earlier investors by securing new investors and will eventually collapse as a result. |
| 3 | Computer virus | 1,340,000 | Unauthorized software such as Ransomware which asks for ransom to recover your system again. |
| 4 | Hacking | 681,000 | Hacking is unauthorized accessing to information systems resources. Hackers are criminals who abuse security weakness to illegally access to the network to steal sensitive information and send spam. |
| 5 | Advance fee fraud | 117,000 | The victim is ensured access to a significant share of a huge amount of money, in return for a small straightforward payment. |
| 6 | Other fraud | 116,000 | One of these examples is “Solicitor Scam” where the hackers hack a lawyer webpage and ask the client to transfer or redirect a huge amount of money into the criminals’ bank account. |
| 7 | Harassment and stalking | 18,826 | This is the use of the Internet to stalk or harass persons, groups, or corporations. These might encompass phony indictment, offence, abuse, insult and smear. It may also include observing, identity theft, threats, harm, damage incitation for sex, or collecting data and information that could be used to intimidate, embarrass, humiliate, discomfit or bully. |
| 8 | Obscene publications | 6,292 | “Pornography that meets the definition of the Obscene Publications Act, thus generally involving some form of physical abuse”. |
| 9 | Child sexual offences | 4,189 | “Assault, grooming, indecent communication, coercing a child to witness a sex act. These crimes may be being under-reported” |
| 10 | Blackmail | 2,028 | This is an act of cybercrime that involve false and unwarranted threats to generate, obtain or initiate harm to others unless a demand is fulfilled |
The growing importance of cybersecurity in the financial sector
According to a survey conducted by Cuomo & Lawsky (2014) that aims to evaluate the efforts of various financial
institutions in preventing and managing cybersecurity risks, the results showed that most institutions experience
different attempts of breaching and hacking into their IT systems, independent of their size and experience.
Moreover, almost all institutions claimed that they adopt a type of information security program and software and
employ communication officers to respond to various inquiries when a cyber-attack occurs.
Accordingly, “Large investments in technology and training are required to mitigate against each of these risks”
(VanBankers, 2016, p.10) and suggested that it is crucial for customers to be cooperative and knowledgeable about
the various cyber risks and to maintain privacy in security procedures. Financial institutions should measure and
control cyber-risk just as they do any other business risk. This issue is not straightforwardly the responsibility of
those teams in the server room, but rather a business-wide scheme involving all workers. Indeed, the increasing
cyber-attacks and breaches in recent years have emphasized the need to treat this type of risk like any other business
risks and to scan the market for signs of changes and threats continuously.
The Impact of Technological Advancement on Cybersecurity
Many organizations worldwide are being exposed to the unfavorable threat of electronic information violation,
making it difficult to manage risks and maintain safe data effectively. Hence, the significance of cybersecurity is
widely increasing.
Due to the vital ongoing improvements in information technology, many new criminal acts have arisen which are
difficult to cover under the regulations of cybercrimes as they fall outside the community’s morality, society, laws,
and politics (Al-Alawi, 2006, Al-Alawi, 2014, Spalević, 2014, Al-Alawi, Mehrotra, & Al-Bassam, 2020).
Accordingly, Spalević (2014) stated that cybercrime deals with the electronic environment as it can be defined as any
illegal actions taken against the computer information systems. Therefore, there is a need for implementing
cybersecurity to maintain safe information. Thus, various studies conducted by different researchers attempted to
enhance the understanding and importance of such a concept. One of the encouragements to undertake further
research is the terrible violation of data that occurred in 2013, where over 740 million records were illegally exposed
(Online Trust Alliance, 2014).
Risk approach for taking the risk out of cybersecurity
There is a need to identify the errors and, where needed, to intervene. Firstly, failures in the market with respect
to social and economic requirements within the financial sector should be properly scrutinised and analysed.
Secondly, the need for the government to intervene in relevant cases in the financial sector should be considered,
while keeping in mind other feasible interventions; the outcome should also be determined in advance of any
intervention.
Some other challenges faced by the IT department are technological change and the security required to stay up to
date. Another aspect to be considered is the need for proper human resource management that looks after skilled
staff and finds the right people for the right job, which is one of the significant challenges. Moreover, many
companies do not consider cybersecurity as a risk factor or as a threat to the industry. They should be involved
early in IT projects by making early plans and designing the required stages. All the technical skills need to be
explained to people who are not aware of IT technical matters (Al-Bassam, 2018).
The National Institute of Standards and Technology (NIST) framework for cybersecurity addresses the rising need for
the protection of critical infrastructure (ISACA, 2017). This framework is based on the risk approach for taking the
risk out of cybersecurity. This framework provides sector stakeholders with the ability to:
Understand and use the framework to assess and improve their cyber resilience;
Assess their current and target cybersecurity posture;
Identify gaps in their existing cybersecurity risk management programs; and
Identify current, sector-specific tools and resources that map to the framework.
Nevertheless, to ensure the cybersecurity functions, a framework by the National Institute of Standards and
Technology (NIST) and the European Union Agency for Network and Information Security (ENISA) was developed
to establish five key functions crucial to protect the digital assets. ISACA (2017) indicated that these functions
synchronize with “incident management methodologies and include the following activities:
Identify: Use organizational understanding to minimize risk to systems, assets, data, and capabilities.
Protect: Design safeguards to limit the impact of potential events on critical services and infrastructure.
Detect: Implement activities to identify the occurrence of a cybersecurity event.
Respond: Take appropriate action after learning of a security event.
Recover: Plan for resilience and the timely repair of compromised capabilities and services.”
There is a need to look after the policy objectives. Firstly, all the policy objectives should be clearly explained for the
framework of financial regulation and governmental interventions. Secondly, all the policies taken into the
framework should be based on improvement and potential benefit rather than loss incurring or being a failure.
Thirdly, the objectives should be prioritized appropriately concerning the financial sector's stability, with priorities
given in respect to their systemic risks.
Techniques to achieve cybersecurity
Today, several methods can be used to ensure the safety of organizations’ data. Arlitsch and Edelman (2014)
suggested that one of the crucial techniques leading to the achievement of cybersecurity is the proper management of
devices through the continuous applications of required updates. However, discovering an illegal breach is often
difficult. A study conducted by professionals indicated that the likelihood of identifying a small data violation is only
51%, while the possibility of discovering massive breaches of data is 68% (Öğüt, Raghunathan & Menon, 2011).
Consequently, these results suggest the need to conduct further research regarding cybersecurity as managers need to
be aware of such concepts.
Information is the most valuable resource in the company; for that reason, it must be kept safe, and organizations
must have a secure database to save such information from theft or damages. Damaging information would be
harmful to the organization, and this is the most dangerous thing that would happen to it. So, companies must
consider any attacks or theft of information while managing their risk. Cybersecurity was introduced for that reason;
an organization might consider and manage the risk well, but sometimes gaps will take place (Newman, 2006; Al-
Alawi, 2014).
Organizations nowadays must pay to have this important technology, especially banks and the finance sector, who
are facing cyber-attacks frequently. Cyber-attacks against financial services institutions are becoming more
frequent, more sophisticated, and more widespread. Although large-scale denial-of-service attacks against major
financial institutions generate the most headlines, community and regional banks, credit unions, money transmitters,
and third-party service providers (such as credit card and payment processors) have experienced attempted breaches
in recent years. (Cuomo & Lawsky 2014, p: 1).
The role of cybersecurity in risk management
Cybersecurity plays a significant role in managing a corporation’s risk, but senior managers tend to dedicate less
attention to cyber-attacks. Instead, they are waiting for the government to introduce some policies to solve
cybersecurity problems. Accordingly, Scully (2014) stated that organizations' success is affected by cyber-attacks,
and CEOs must understand the problem and the concept of cybersecurity well and discuss this issue with their
technical staff regularly to detect and communicate between them any risks that would harm the organization.
Another article by Vande Putte and Verhelst (2014) discusses a critical and threatening concept, which is cyber-
crime. They said that managing risk and managing cyber-crime is not easy and is challenging; the effect of such risk
is increasing over time as technology increases. Therefore, it is essential to detect this dangerous risk as it leads not
only to losing information but also to losing confidence, and this can lead to bankruptcy.
Banks have a great deal of confidential information about their clients and their financial position, which should be
kept in a place safe from outsiders. Almost all enterprises around the globe today use the Internet to carry out
business, to promote and sell, to publicize, to discover new markets, buyers and workers, to communicate with
customers and suppliers, and to execute financial transactions. The Internet generates massive business gateways and
profits. Nonetheless, it also yields risks. There are daily attacks on the information technology systems by hacking,
damaging, accessing accounts, stealing information and money, or disrupting the business operations.
The cybersecurity issue requires a shift from the zone of the information systems professional to that of the top
management and board of directors (BOD), to ensure that suitable attention is paid to the scale of the risks involved.
The conventional method of considering cybersecurity in terms of building huge barriers and firewalls is, while still
necessary, no longer adequate. A holistic method to cybersecurity risk management across the institution, its
network, supply chains, and the bigger ecosystem is needed. Nevertheless, according to cybersecurity risk
management, outsiders should not know anything about the way the company protects its information.
Role of government and other bodies
Recently, many governments and other bodies have expressed their concern regarding this subject and have initiated
orders and statements concerning the control of cyber-attacks to direct these institutions. According to McKendry (2015),
governments and organizational bodies in the USA order all financial institutions to supervise, utilize different
programs and software, and ensure a high level of awareness of cyber threats in order to respond to them effectively.
Journal of Xidian University
VOLUME 14, ISSUE 7, 2020
ISSN No:1001-2400
http://xadzkjdx.cn/
https://doi.org/10.37896/jxu14.7/174
1529
Methodology
After studying the theoretical part of cybersecurity in the financial sector, quantitative data were collected from 26
financial institutions in the Kingdom of Bahrain. An online questionnaire was distributed to 100 managers and their
employees by email. They were advised to forward the survey hyperlink to their coworkers and colleagues in the
same and different banking and finance sector organizations. The survey was available online and accessible to
them using Google Forms for four weeks. The data was collected from 35 respondents from Conventional banks,
Islamic Banks, Insurance Companies, Investment Banks, Capital Market, and Specialized Banks who responded to
the questionnaire. The majority, almost 90%, were from conventional and Islamic banks. The questionnaire contains
demographic, multiple-choice, opinion questions, and open-ended questions. Data was analyzed to show the
percentages of every question that has been explained in the survey. Subsequently, results were obtained and
analyzed using Google Forms.
In order to answer the previous questions, a questionnaire was distributed to 26 financial institutions classified as
conventional banks, Islamic banks, insurance companies, investment banks, capital markets and specialized banks located in
the Kingdom of Bahrain, to be filled in by their managers and employees. Subsequently, the data collected was analyzed to
enhance the significance of this study as well as to answer the proposed questions.
The Study Findings
This section shows the data collection and data analysis process. It discusses the results. The first part of the
questionnaire comprised demographic questions to determine the characteristics of the selected population.
As illustrated in Figure-1, half of the respondents were employees of conventional banks, while the other half
belonged to Islamic banks. To comply with the research purpose, the population selected consisted of employees
from the IT and Accounting departments that have cybersecurity job responsibilities.
Figure 1: The types of financial institutions
The second part of the questionnaire was designed to identify the types of risks that have affected financial
institutions in Bahrain and their frequency of occurrence. According to Figure-2 and Figure-3, about 26% of financial
institutions in Bahrain encountered online identity theft, while 23% experienced intentional damage to computer
systems, and 11% faced hacking attempts. This variety of cyberthreats is evidence that cybersecurity threats are escalating and
evolving, at least every quarter, to the extent that they are disturbing the operations of organizations and their ability
to achieve their objectives.
Figure 2: Type of malicious activities that have affected the organizations.
Figure 3: The likely occurrence of malicious activities.
As cybersecurity issues continue to evolve, they are now the core focus of organizations' boards of directors (BOD).
Therefore, the third part of the questionnaire was intended to investigate the role of boards of directors and other
executive directors in eliminating the threats of cyber-attacks. Consistent with this, according to Figure-4, the results showed
that cyber-attacks are immediately reported to the board of directors so that further action can be taken. The respondents also
agreed that boards of directors express their deep concern about these attacks and make different attempts to
reduce cybersecurity risks. Figure-5 shows that the enforcement of security policies, providing security with
appropriate funding, and mandating security awareness training are among the most utilized methods by boards of
directors and executive managers to reduce cyber risks.
Figure 4: Reporting of cybersecurity attacks within the organization
Figure 5: The ways BOD and executive managers demonstrate to support cybersecurity risk mitigation.
A critical factor to determine the effectiveness of the cybersecurity method adopted is the knowledge and skills of
the team of employees that deal with cyber attempts. Therefore, the fourth part of the questionnaire was directed
towards the major skills that the employees lack in doing their job.
According to Figure-6, it was clear that the major skills gap that the organization sees among its employees is the
lack of technical skills, which is an essential skill that all employees should have to respond to the various cyber-
attacks. Also, the results revealed that communication is another skill gap that the employees lack. Without these
two critical skills, the organization will face difficulties in responding to complex or even simple issues. However,
these organizations are initiating different programs to develop the essential skills required to ensure the
effectiveness and strong performance of various tasks.
Figure 6: The significant skill gaps that an organization sees among its cybersecurity employees
Figure-7 demonstrates the different ways that organizations implement to develop critical technical skills. Most
organizations seem to prefer various training methods for employees, such as on-the-job training, the use of technical
training centers, third-party training providers, and certifications.
Figure 7: The various technical skills organizations are seeking to develop among their employee's education.
Moreover, according to Figure-8, the majority of respondents declared that they are confident about the security
team's ability to detect and respond to incidents, but only for simple cases. Therefore, these organizations should
attempt to employ further methods to enhance their employees' skills and abilities to respond to different levels of
threats.
Figure 8: The extent to which the organization is confident with its employees' abilities and skills.
As cyber-attack methods evolve over the years, the level of their complexity and sophistication increases as well.
Organizations today face more than one type of security breach and attack. Therefore, the fourth part of the
questionnaire was designed to determine the various cyber-attacks that imposed threats on organizations' security
and the extent to which cybersecurity assisted in detecting these threats.
According to Figure-9, the data demonstrate that the main threats that attack the financial institutions' security are
hackers, cybercriminals and non-malicious insiders. On the other hand, 31% of the organizations were exploited by
hackers, while 17% were exploited by social engineering, and 14% each by malware and insider theft.
Consequently, the financial institutions declared that cybersecurity assisted in detecting 75% of these threats
(Figure-10). Moreover, organizations did not fully agree on the likelihood that they would experience cyber-attacks
in the future.
Figure 9: The various threats that exploited the organization
Figure 10: The extent to which cybersecurity assists in detecting the various risks.
Figure-11 shows that organizations have opposing views on this matter, as 37% of respondents believe that their
organizations are likely to experience cyber-attacks in the future, and 31% believe that it is unlikely that their
organizations would experience cyber-attacks. The latter assumption may be a result of cybersecurity
advancements and the enhancement of employees’ skills and abilities.
Figure 11: The extent to which an organization expects to experience cyber-attacks in the future.
Conclusion
The importance of cybersecurity and threats has risen recently due to the rise in technological usage within the
banking sector through the dependence on online banking and e-banking features. This has increased the cyber-
attacks by hackers and criminals in order to steal financial institutions’ valuable data and funds.
After analyzing the significant findings of this study, it can be concluded that among the various types of malicious
activities, financial institutions in Bahrain are mostly exposed to three types of risks. These risks are online identity
theft, deliberately damaging computer systems, and also dealing with hacking issues. In fact, more than half of these
financial institutions are facing these issues at least once every three months, which indicates a growing threat of
cyber-attacks. Therefore, banks report these attacks immediately to the board of directors to notify them or to the
auditing segment of the institution to avoid such threats.
Furthermore, the findings obtained provided the answers to the study’s questions. In response to the first question, it
seems that half of these banks are confident in their skills and knowledge, but this confidence is limited to simple
cases. In answer to the second question, the banking sector’s executive teams are supporting
cybersecurity by enforcing security policy, providing security with appropriate funding, and
mandating security awareness training. In answer to the third question, it is agreed that the key skill needed to
detect cyber-attacks is technical skill, which can be enhanced by appropriate training, as indicated by the
majority, which answers the fourth question. Finally, in answer to the fifth question, it seems that cybersecurity can
detect 75% of the risks facing banks.
In conclusion, the results indicated that the primary incentive behind the cyber-attacks is the financial gains, which
makes it obvious that financial institutions in Bahrain are being exposed to this significant risk.
Several limitations restrict this study. A significant one is the amount of feedback collected from the questionnaire, as
more responses would have added a higher value for this study. Despite the above limitations, the results obtained in
this study are significant for institutions of the banking and financial sector in Bahrain, as they can use these results as
guidelines for improving their employees’ skills regarding detecting various cyber-attacks. In addition, these findings
are of significant importance in extending the knowledge of cybersecurity and its impact on these financial
institutions.
References
Al-Alawi, A. I. (2005), Adoption and Awareness of Online Banking Issue among Mature Users. Asian Journal of
Information Technology, 4(9) pp. 856-860.
Al-Alawi, A. I., & Abdelgadir, M. F. (2006). An empirical study of attitudes and opinions of computer crimes: A
comparative study between UK and the Kingdom of Bahrain. Journal of Computer Science, 2(3), pp. 229-235.
Al-Alawi, A.I. (2014). Cybercrimes, Computer Forensics and their Impact in Business Climate: Bahrain Status.
Research Journal of Business Management, 8: 139-156. [Online],
http://www.scialert.net/qredirect.php?doi=rjbm.2014.139.156&linkid=pdf
Al-Alawi, A. I., Mehrotra, A. A., & Al-Bassam, S. A. (2020). Cybersecurity: Cybercrime Prevention in Higher
Learning Institutions. In Implementing Computational Intelligence Techniques for Security Systems Design (pp. 255-274).
IGI Global.
Al-Alawi, A. I., Al-Bassam, S. A., & Mehrotra, A. A. (2020). Critical Cybersecurity Threats: Frontline Issues Faced
by Bahraini Organizations. In Implementing Computational Intelligence Techniques for Security Systems Design (pp.
210-229). IGI Global.
Al-Bassam, A.M (2018), Investigating the Factors related to Cybersecurity Awareness in Bahraini Banking Sector,
(Master's thesis, Arabian Gulf University (AGU), Salmanya, Kingdom of Bahrain), supervised by Prof. Adel
Ismail Al-Alawi. Unpublished dissertation, available from AGU Library.
Arlitsch, K., & Edelman, A. (2014). Staying Safe: Cyber Security for People and Organizations. Journal of Library
Administration, 54(1), pp. 46-56.
BBA and PWC (2014). The cyber threat to banking: A global industry challenge, [online], [Retrieved April 22, 2017]
https://www.bba.org.uk/wpcontent/uploads/2014/06/BBAJ2110_Cyber_report_May_2014_WEB.pdf
Cawley, J. (2017). The Impact of Cyber Attacks on the Banking System. [Online] [Retrieved December 22, 2017]
https://wall-street.com/impact-cyber-attacks-banking-industry/
Cuomo, A. M., & Lawsky, B. M. Report on Cyber Security in the Banking Sector, New York State Dept. of Financial
Services, 2014. [Online], [Retrieved May, 22, 2017]
https://cybersecuritylawandpolicy.files.wordpress.com/2014/05/new-york-state-department-of-financial-services-report-on-cyber-security-in-the-banking-sector.pdf
ISACA (2017), CSX Cybersecurity Fundamentals Study Guide 2nd Edition January 1, 2017 [online] [Retrieved
April, 22, 2017] https://cybersecurity.isaca.org/csx-resources/cybersecurity-fundamentals-study-guide
McGoogan, C. (2017), Cyber Attacks against Financial Services Cost Consumers 8bn, [online], [Retrieved April 22,
2017]
http://www.telegraph.co.uk/technology/2017/02/27/cyber-attacks-against-financial-services-cost-consumers-8bn/
McKendry, I., (2015). With New Tool, Agencies Close In on Formal Cyber Standards. American Banker, APR 9,
2015. [Online] [Retrieved March, 12, 2017]
http://www.cbaofga.com/uploads/4/1/3/7/41371065/with_new_tool,_agencies_close_in_on_formal_cyber_standards___american_banker.pdf
Kuepper, J (2017) Cyber Attacks and Bank Failures: Risks You Should Know, 21-01-2017, available at: Countering
Terrorist Activities in Cyberspace, Z. Minchev & M. Bangladesh (eds)
Newman, R. C. (2006, September). Cybercrime, identity theft, and fraud: practicing safe internet-network security
threats and vulnerabilities. In Proceedings of the 3rd annual conference on Information security curriculum
development, ACM, pp. 68-78.
Öğüt, H., Raghunathan, S., & Menon, N. (2011). Cyber Security Risk Management: Public Policy Implications of
Correlated Risk, Imperfect Ability to Prove Loss, and Observability of Self‐Protection. Risk Analysis, 31(3), pp. 497-512.
Online Trust Alliance (2014), 2014 Data Protection & Breach Reading Guide, [online], [Retrieved April, 11, 2017]
https://otalliance.org/system/files/files/bestpractices/documents/2014otadatabreachguide4.pdf
Scully, T. (2014). The cyber security threat stops in the boardroom. Journal of business continuity & emergency
planning, 7(2), pp. 138-148
Spalević, Ž. (2014). Cyber Security as a Global Challenge of the Modern Era. Sinteza 2014-Impact of the Internet on
Business Activities in Serbia and Worldwide, pp. 687-692.
Summerfield, R (2014). Banking system faces cyber threat. Financier Worldwide Magazine, August 2014 Issue.
[Online], [Retrieved April, 22, 2018] https://www.financierworldwide.com/banking-system-faces-cyber-threat#.W7dKcHszZdg
UK Government (2017), Almost half of UK firms hit by cyber breach or attack in the past year.
Nearly seven in ten large companies identified a breach or attack, new Government statistics reveal, Press release,
[Online], [Retrieved April 22, 2019] https://www.gov.uk/government/news/almost-half-of-uk-firms-hit-by-cyber-breach-or-attack-in-the-past-year
VanBankers (2016). Cybersecurity in Banking. [Online], [Retrieved April, 22, 2017]
www.vabankers.org/LiteratureRetrieve.aspx?ID=155390
Vande Putte, D., & Verhelst, M. (2014). Cyber crime: Can a standard risk analysis help in the challenges facing
business continuity managers?. Journal of business continuity & emergency planning, 7(2), pp. 126-137.
... Additionally, the usage of IoT on FinTechs in the digital environment has been mentioned precisely. Contrarily, Al-Alawi [44] has demonstrated the advantages of applying cyber security and its significant effects on banking institutions. It has used an online questionnaire method to identify the risk types in Bahrain. ...
Article
Full-text available
An anomaly, defined as something that deviates from what is normal, expected, or usual. It signifies abnormality or an irregularity that stands out from typical behaviours or patterns. Detecting anomalies is significant among numerous sectors due to the reasons of signal potential difficulties or opportunities. For an instance, in retail, detecting anomalies in sales data might prompt for further analysis into operational issues or customer behaviour to reduce losses and capitalize on its trends. Hence, different techniques are used for Anomaly Detection. However, anomaly detection using manual method are measured for time consuming, prone to error and can be tedious process. Therefore, different approaches have been considered for anomaly detection as AI (Artificial Intelligence) methods are efficient, faster, provides high level accuracy by effectively detecting the abnormalities. Owing to these aspects, this paper focuses on compiling different techniques and emphasizes on reviewing all anomaly detection using numerous techniques like ML (Machine Learning) and DL (Deep Learning) classifiers, statistical methods, one-class classification, clustering and density-based models which helps with identifying and comprehending the diversity of detection techniques that are applied in various domains like finance, retail, healthcare and cyber security. Various existing researches on anomaly detection are reviewed in the study. In addition to an overview, certain studies also deals with applications of detection models and future trends are reviewed in precise. Finally, the challenges are identified through the analysis of existing researchers and future recommendations are provided for overcoming the gaps that are intended to create promising work in this area.
... Cybersecurity has significant scientific relevance to the constantly changing nature of cyber threats and the growing reliance on digital technology in our linked society. For some reason, Cybersecurity research is essential [1], [2]. Fig. 1 illustrates the significance of cybersecurity. ...
Conference Paper
Full-text available
Cybersecurity is the process of defending computer networks, systems, and digital data from intrusions, hacks, damage , and other cyber threats. It also prevents illegal access, and exploitation of sensitive and personal data, including financial records, healthcare information, and intellectual property. It is essential to extract the security incident patterns from the cybersecurity data to build a data-driven model. The data-driven model assists in making a cybersecurity system intelligent and automated. To analyze and extract features and knowledge from structured and unstructured data several techniques, algorithms, and processes are used that are known as data science. As the review is based on "Cybersecurity data science" So, this report is focused on recent cybersecurity data science. In this review, the research significance of cybersecurity has been explained clearly and recent activities on cybersecurity briefly described.
Thesis
Full-text available
In the dynamic landscape of the UK financial services sector, characterized by extensive digitization and a shift towards a cashless society, data privacy emerges as a paramount challenge. This dissertation, titled "Enhancing Data Privacy and Protection in the UK Financial Services Sector through Cybersecurity," explores the interdependence of data risks, privacy, and security. Grounded in GDPR compliance, the research examines existing cybersecurity gaps, emphasizing the need for robust measures to combat threats such as unauthorized access and privacy breaches. By proposing actionable frameworks tailored to financial institutions, the study aims to bolster trust, safeguard sensitive data, and navigate the complexities of evolving regulations. This work fills critical gaps in existing literature and highlights the societal and financial ramifications of inadequate data protection, driving the UK financial sector toward a more secure future.
Article
Full-text available
The rapid expansion of online banking has introduced significant convenience and accessibility for consumers and financial institutions alike. However, it also brings a substantial increase in cybersecurity threats, making online banking systems prime targets for cybercriminals. This paper provides a comprehensive examination of the prevalent cybersecurity threats that online banking faces, including phishing attacks, malware, ransomware, man-in-the-middle (MITM) attacks, insider threats, and distributed denial-of-service (DDoS) attacks. We analyze these threats in-depth, exploring how each tactic is deployed to compromise security and exploit vulnerabilities within online banking systems. Moreover, this paper discusses specific vulnerabilities that exist in online banking platforms, such as weak authentication practices, insecure network connections, outdated software, and risks associated with third-party integrations. Through tables and graphical data, the paper offers a clear overview of the most common vulnerabilities and their prevalence, providing insights into how these weak points are exploited in the cyber landscape. The impact of such cybersecurity breaches on financial institutions is also considered, highlighting the consequences that follow a security breach, such as financial losses, reputational damage, regulatory fines, and customer distrust. The findings reveal that these impacts not only affect individual financial institutions but can also undermine public confidence in digital banking as a whole. Finally, the paper proposes several strategic defenses against these threats. Solutions include multi-factor authentication, end-to-end encryption, robust threat monitoring, regular security audits, and customer education initiatives, among others. Statistical data on the effectiveness of these strategies demonstrates their role in mitigating cyber risks and fortifying online banking systems against future attacks. 
This study concludes by emphasizing the critical need for continuous innovation in cybersecurity practices, as cyber threats continue to evolve in sophistication.
Article
Full-text available
Village funds play a crucial role in local development, especially in rural areas often marginalized in national development. However, a case study in South Aceh Regency highlights misuse of these funds through fictitious projects and price manipulation, harming public finances and hindering local economic growth. The study surveyed the entire population of 260 villages in South Aceh Regency. Using a formula considering 28 variable indicators and 4 research dimensions, a minimum sample size of 112 respondents was determined. The sample included Village Officials, Finance Section Heads, Development Section Heads, and Tuha Peut (village elders), and was increased to 120 respondents to ensure representativeness and reliability. Data analysis, conducted using Smart PLS software with the SEM model. The results indicate significant positive relationships between Fraud Prevention and The Welfare of Society p value 0.002, as well as between Development Planning and Human Resources p Value 0.006. These findings suggest that effective fraud prevention measures and robust development planning efforts contribute to enhancing overall well-being and human resource capacity in rural communities. They emphasize the importance of implementing strategies addressing financial integrity and socio-economic development concurrently to drive sustainable progress. Conversely, hypotheses H2, H3, and H5 are not supported by the analysis, indicating no significant relationships between Fraud Prevention and Human Resources p value 0.919, Development Planning and The Welfare of Society p value 0.458, as well as Human Resources and The Welfare of Society p value 0.637.
Article
Full-text available
Access to the 2022 National Survey of Financial Literacy and Inclusion (SNLIK) shows that the Financial Literacy index of Indonesian society is 49.68%, and financial inclusion is 85.10%. It shows that the Indonesian public's understanding of banks, especially digital banks, is still 49.68% compared to the number of banking transactions carried out at 85.10%. It causes potential banking legal risks. This research analyses digital bank risk management and the potential for digital bank crime. This research uses research methods, namely normative literature study, which involves reviewing statutory provisions and reading journals related to the research. The approaches used are statutory and concept approaches. The Financial Services Authority (OJK) has issued regulations providing a legal umbrella for digital banking to protect customers from these risks, namely Financial Services Authority Regulation Number 18/POJK.03/2016 concerning implementing Risk Management for Commercial Banks. However, overcoming risks is not only a countermeasure carried out by banks but also by customers to maintain the security of their data and be careful when carrying out online transactions. Apart from that, the countermeasures carried out by law enforcement officials are taking repressive action in dealing with cases of digital bank crime. All elements of society should work together to overcome the risk of digital banking crime.
Article
This research uses quantitative data analysis and a qualitative exploratory method to examine how organisations embrace innovative cybersecurity solutions. The study looks at organisational policies, governance frameworks, strategic approaches, and cultural aspects that affect technology adoption using a stratified random sample technique. Structured questionnaires & feedback forms provided the data, which were then analysed using AMOS and SPSS statistical software with an emphasis on structural equation modelling (SEM) to investigate correlations between variables. A supportive organisational culture positively correlates with technology adoption (χ² = 41.179, df = 31, p < 0.001, CMIN/DF = 1.328, RMSEA = 0.034), and organisations with a proactive strategic approach were more successful in implementing cybersecurity technologies (χ² = 50.400, df = 26, p < 0.001, CMIN/DF = 1.938, RMSEA = 0.058). The research also finds that while comprehensive policies influence adoption via efficient training programs, employee involvement completely mediates the association between organisational culture and technology adoption. These findings demonstrate how crucial culture, employee participation, strategic planning, and training are to the successful integration of cybersecurity technology.
Article
Full-text available
Cybersecurity incidents, such as data breaches, pose a significant threat to organisations. Shockingly, 95% of these incidents occur due to human errors. Despite organisations making substantial efforts to reduce the likelihood of such occurrences through technological and non-technological means, the frequency of these incidents has been increasing. Previously, organisations relied on technology as the primary barrier to minimise cybersecurity incidents and achieve their objectives. Although research indicates that humans are the weakest link in an organisation's efforts to combat cybersecurity incidents, organisations still consider technology as the key to improving security defences. Therefore, the researchers suggest improving human interventions should precede technological means to overcome the problem. They propose that existing information security plans should consider human factors in cybersecurity risk management. Prioritising an understanding of human factors in managing information security can help organisations identify the relationships between various dimensions of human errors and cybersecurity incidents. To achieve this, the paper suggests solving the human factor problem in cybersecurity incidents by explaining how DuPont's Dirty Dozen framework, commonly used in aviation, can help understand why cybersecurity incidents and accidents occur. The framework lists twelve human behaviours that can be used to understand the relationships between various dimensions of human errors and cybersecurity incidents. By understanding these relationships, organisations can improve their cybersecurity strategies by anticipating, mitigating, and resolving issues more effectively and efficiently.
Article
Full-text available
In today’s banking sector, there has been a significant rise in the utilization of digital technologies and devices. The significance of digital security is a paramount concern for all individuals. Cybersecurity is of utmost importance in safeguarding the information and data provided by customers. The main objective of the study is to examine the magnitude of the cybersecurity landscape in the banking industry. This research uses the R package and the VOS viewer to conduct bibliometric data analysis. The study examines a comprehensive selection of 150 scholarly articles published within the specified timeframe of 2003 to 2023, as retrieved from the Scopus database. The findings indicate a notable upward trajectory of 18.92% in publishing articles derived from their yearly production. The research analyzed the network to explore the co-occurrences of keywords related to cyber security, network security, cybercrime and fraud. The result reveals a rising pattern in the production of articles in 2019 and 2023 and the average citation of the article is at peak in 2018.
Chapter
Full-text available
One common reason for cybercrime is the goal of damaging a business by hacking or destroying important information. Another such reason is the criminal's goal of gaining financially from the hack. This chapter analyzes Bahraini organizations' vulnerability to digital security threats. It has used qualitative research to analyze industry performance. Moreover, with the support of secondary research, it has also explored cybersecurity threats faced by such organizations. The discussion based on secondary data analysis has explored two major aspects of Bahraini organizations and the cybersecurity threats they face. Firstly, the data and finances of both sectors are at huge risk in Bahraini organizations. Secondly, one important aspect of exploration has been to identify the most frequently encountered forms of cybercrime. Its analysis reveals that the kind of cybersecurity threat that a business is most likely to face is cyberwarfare. This may affect two rival businesses while they are competing with each other. Competitors' data may be destroyed or hacked—leading to long-term losses.
Chapter
Full-text available
The internet has revolutionized the way people communicate, how they manage their business, and even how they conduct their studies. Organizations can conduct meetings virtually and store all their data online. With this convenience, however, comes the risk of cybercrime (CC). Some of the world's most renowned organizations have found themselves having to incur huge recovery costs after falling prey to CC. Higher learning institutions' databases are increasingly falling victim to CCs, owing to the vast amounts of personal and research data they harbor. Despite this, the area of CCs in learning institutions remains understudied. This chapter seeks to identify how CC is manifested in such institutions and the specific cybersecurity measures that stakeholders could use to minimize their exposure to the same. The qualitative case study was designed to explore the research questions, and collected data through semistructured interviews. The findings showed hacking, phishing, and spoofing as the most common manifestations of cybercrime in higher learning institutions.
Article
This study researches certain factors that play a vital role in the cybercrimes taking place in Bahrain. Cyber-attacks and crimes are the consequences that balance out the advantages gained from daily advancements in technologies. These attacks come in many forms. Customer awareness is crucial to fighting cybercrimes, and many studies have reflected that millions of dollars are lost due to computer crimes and attacks. The conclusions of this study are based on actual data collected from the Ministry of Interior (MOI) in Bahrain. The research findings indicate that a variety of cases are being reported at the MOI. A remarkable discipline has been developed to limit and investigate computer crime-related issues: computer forensics. The economic impact of cybercrimes in business and globally has been discussed. In this study, computer crimes as well as computer forensics are discussed and supported by actual data from the MOI and research evidence found in the literature.
Article
In this digital age we are constantly becoming more reliant on technology and information systems in all walks of life. There is no doubt that computer systems play a fundamental role in the basic operation of almost all organizations today. The emergence of the Internet has played a major role in exploiting new opportunities and markets for many businesses today and has also revolutionized the way information is shared globally. With the increased use of computer networks as a means of sharing data, the need to protect and preserve the integrity of data arises due to the increase in unauthorized access of organizational computer systems. It has become a major challenge for organizations to identify and counter these threats. Computer crime has emerged as one of the major forms of sabotage, causing millions of dollars' worth of damage annually. These attacks usually come in the form of viruses, worms, denial of service attacks and hacking. This study will attempt to compare the opinions on computer crimes of the online society in the Kingdom of Bahrain with that of a study conducted in Great Britain. Similarly, this study will also try to measure the perceived level of safety the online public enjoys and use these results to determine whether there is a relationship between the perceived level of online safety and the willingness to conduct online transactions. The issue of “software piracy” will also be discussed with respect to copyright laws in the Kingdom of Bahrain.
Article
The attitude that 'it won't happen to me' still prevails in the boardrooms of industry when senior executives consider the threat of targeted cyber intrusions. Not much has changed in the commercial world of cyber security over the past few years; hackers are not being challenged to find new ways to steal companies' intellectual property and confidential information. The consequences of even major security breaches seem not to be felt by the leaders of victim companies. Why is this so? Surely IT security practitioners are seeking new ways to detect and prevent targeted intrusions into companies' networks? Are the consequences of targeted intrusions so insignificant that the captains of industry tolerate them? Or do only others feel the pain of their failure? This paper initially explores the failure of cyber security in industry and contends that, while industry leaders should not be alone in accepting responsibility for this failure, they must take the initiative to make life harder for cyber threat actors. They cannot wait for government leadership on policy, strategy or coordination. The paper then suggests some measures that a CEO can adopt to build a new corporate approach to cyber security.
Article
Risk management has never been easy. Finding efficient mitigating measures is not always straightforward. Finding measures for cyber crime, however, is a really huge challenge because cyber threats are changing all the time. As the sophistication of these threats is growing, their impact increases. Moreover, society and its economy have become increasingly dependent on information and communication technologies. Standard risk analysis methodologies will help to score the cyber risk and to place it in the risk tolerance matrix. This will allow business continuity managers to figure out if there is still a gap with the maximum tolerable outage for time-critical business processes and if extra business continuity measures are necessary to fill the gap.
Conference Paper
Computer networks and computer systems are experiencing attacks and threats from many areas. Threats are also extended to include the individual user's computer assets and resources. Information will be presented on the categories of security and privacy threats, integrity threats, vulnerabilities, delay and denial threats, and intellectual property threats that are being directed towards corporate, educational, governmental, and individual assets.
Article
The correlated nature of security breach risks, the imperfect ability to prove loss from a breach to an insurer, and the inability of insurers and external agents to observe firms' self-protection efforts have posed significant challenges to cyber security risk management. Our analysis finds that a firm invests less than the social optimal levels in self-protection and in insurance when risks are correlated and the ability to prove loss is imperfect. We find that the appropriate social intervention policy to induce a firm to invest at socially optimal levels depends on whether insurers can verify a firm's self-protection levels. If self-protection of a firm is observable to an insurer so that it can design a contract that is contingent on the self-protection level, then self-protection and insurance behave as complements. In this case, a social planner can induce a firm to choose the socially optimal self-protection and insurance levels by offering a subsidy on self-protection. We also find that providing a subsidy on insurance does not provide a similar inducement to a firm. If self-protection of a firm is not observable to an insurer, then self-protection and insurance behave as substitutes. In this case, a social planner should tax the insurance premium to achieve socially optimal results. The results of our analysis hold regardless of whether the insurance market is perfectly competitive or not, implying that solely reforming the currently imperfect insurance market is insufficient to achieve the efficient outcome in cyber security risk management.