Fortifying fintech: A board-level blueprint for prioritised cyberdefence

Introduction

Fintech in the MENA region is poised for robust growth, built on the foundation of visionary national transformation agendas, a strong regulatory environment, and a young and ambitious population. The MENA fintech market size is estimated at US$1.51 billion in 2024, and is expected to reach $2.40 billion by 2029, with a healthy annual growth of 9.71%.

With strong government ambition setting the region’s fintech vision, the growth roadmap stems from initiatives strategically dispersed at various financial hubs. These range from Abu Dhabi Global Market (ADGM) and Bahrain Fintech Bay to Fintech Saudi and the Dubai International Financial Centre (DIFC) FinTech Hive.

National fintech strategies have also been established by Bahrain, Saudi Arabia, Qatar, and the UAE. Further fintech impetus is provided by government-sponsored accelerators and incubators such as regulatory “sandboxes”.

Elevating trust in fintech: The pivotal role of cybersecurity

End users play a major role in the MENA fintech growth story. A predominantly young user base with a tech-first mindset to their finances is enabling fintechs to scale growth, riding on already well-established infrastructure for internet and mobile connectivity. 

However, fintech’s MENA growth path is not unhindered. Most of the MENA population, as much as 83%, still follows traditional, time-tested approaches to money management, with roots intact in legacy banking systems.

Elevating fintech trust requires a paradigm shift in users’ mindsets that encourages a pivot from traditional banking towards fresher fintech alternatives. Trust in fintech sits upon several pillars: Brand equity, regulatory compliance, transparent billing plans, alliances with established financial bodies, financial stability, and data privacy. The most pressing issue has consistently been cybersecurity.

Cybercrime undermines trust in fintech, as illustrated by recurrent instances of cyber fraud in the sector. PwC’s report delves into recent fintech cyber incidents that rocked market confidence in the sector.

Cybercrime's omnipresent, always-on character warrants board-level oversight in the context of business survival, as opposed to a regulatory afterthought. Fintechs’ tech-first approach to managing money means that a robust cybersecurity strategy anchored in clear governance and accountability is a board-level imperative.

Establishing a board-level blueprint for prioritised cyberdefence

Boards, venture capitalists (VCs), and executive leaders have traditionally struggled to quantify the business implications of cybersecurity. CISOs rely on metrics such as Return on Security Investment (RoSI) and compliance with regulatory frameworks from bodies including the Saudi Data and AI Authority (SDAIA), Saudi Central Bank (SAMA), and Central Bank of the UAE to convey cybersecurity performance in business language.

Fintech boards can do more to deepen their oversight. Whilst deep technical reviews would be a disproportionate response, boards should instead opt for a prioritised approach – one that reviews the cyber postures of their most crucial technical elements.

What’s next?

This article, the first in PwC Middle East’s four-part series, highlights the need for fintech boards to augment business-driven cybersecurity KPIs with a prioritised technical angle. The article identified three crucial cybersecurity pillars that must be overseen by fintech leaders to foster trust and mitigate cyber risks.  Codenamed the Gatekeeper, the Middle-Man, and the Treasurer, the article argued that these crucial pillars must be addressed in any board-level report on fintech cybersecurity. 

Our upcoming articles in this series will focus on each of the critical pillars, and further decode their role in fortifying fintech.