Fortifying fintech: A board-level blueprint for prioritised cyberdefence

  • September 18, 2024

As the region sets out on an ambitious growth path for fintech, cybercrime remains a board-level priority across the financial sector. Trust in fintech is heavily reliant on solution providers’ ability to ward off cyberattacks and capably protect end users’ data. Recent fintech breaches such as the Lykke cyberattack in June 2024 and the Revolut hack in July 2023 have rattled stakeholders’ confidence.

 

This article, the first in PwC’s four-part thought-leadership series, provides actionable insights to fintech leaders on the core technology domains to prioritise in their cybersecurity purview. A baseline fintech architecture is established and validated against the practical case of a digital wallet executing a payment process. An objective analysis of the baseline architecture is then performed to distil three focal areas crucial to fintech cybersecurity. The author argues that these focal areas warrant ongoing board oversight in order to ensure sustained cyber assurance, mitigate risks, and elevate public trust in fintech.

Introduction

Fintech in the MENA region is poised for robust growth, built on the foundation of visionary national transformation agendas, a strong regulatory environment, and a young and ambitious population. The MENA fintech market size is estimated at US$1.51 billion in 2024, and is expected to reach US$2.40 billion by 2029, with a healthy annual growth of 9.71%.

With strong government ambition setting the region’s fintech vision, the growth roadmap stems from initiatives strategically dispersed at various financial hubs. These range from Abu Dhabi Global Market (ADGM) and Bahrain Fintech Bay to Fintech Saudi and the Dubai International Financial Centre (DIFC) FinTech Hive.

National fintech strategies have also been established by Bahrain, Saudi Arabia, Qatar, and the UAE. Further fintech impetus is provided by government-sponsored accelerators and incubators such as regulatory “sandboxes”.

Elevating trust in fintech: The pivotal role of cybersecurity

End users play a major role in the MENA fintech growth story. A predominantly young user base with a tech-first mindset towards their finances is enabling fintechs to scale growth, riding on already well-established infrastructure for internet and mobile connectivity.

However, fintech’s MENA growth path is not unhindered. Most of the MENA population, as much as 83%, still follows traditional, time-tested approaches to money management, with roots intact in legacy banking systems.

Elevating fintech trust requires a paradigm shift in users’ mindsets that encourages a pivot from traditional banking towards fresher fintech alternatives. Trust in fintech sits upon several pillars: brand equity, regulatory compliance, transparent billing plans, alliances with established financial bodies, financial stability, and data privacy. The most pressing issue has consistently been cybersecurity.

Cybercrime undermines trust in fintech, as illustrated by recurrent instances of cyber fraud in the sector. PwC’s report delves into recent fintech cyber incidents that rocked market confidence in the sector.

Cybercrime’s omnipresent, always-on character warrants board-level oversight as a matter of business survival, rather than as a regulatory afterthought. Fintechs’ tech-first approach to managing money means that a robust cybersecurity strategy anchored in clear governance and accountability is a board-level imperative.

Establishing a board-level blueprint for prioritised cyberdefence

Boards, venture capitalists (VCs), and executive leaders have traditionally struggled to quantify the business implications of cybersecurity. CISOs rely on metrics such as Return on Security Investment (RoSI) and compliance with regulatory frameworks from bodies including the Saudi Data and AI Authority (SDAIA), Saudi Central Bank (SAMA), and Central Bank of the UAE to convey cybersecurity performance in business language.

Fintech boards can do more to deepen their oversight. Whilst deep technical reviews would be a disproportionate response, boards should instead opt for a prioritised approach – one that reviews the cyber postures of their most crucial technical elements.

What’s next?

This article, the first in PwC Middle East’s four-part series, highlights the need for fintech boards to augment business-driven cybersecurity KPIs with a prioritised technical angle. The article identified three crucial cybersecurity pillars that must be overseen by fintech leaders to foster trust and mitigate cyber risks. It argued that these pillars, codenamed the Gatekeeper, the Middle-Man, and the Treasurer, must be addressed in any board-level report on fintech cybersecurity.

Our upcoming articles in this series will focus on each of the critical pillars, and further decode their role in fortifying fintech.


Author

Praveen Joseph Vackayil

Senior Manager, Technology Consulting, PwC Middle East


Contributors

Fady Chalhoub

Cybersecurity and Digital Trust Partner, PwC Middle East


Samer Omar

Cybersecurity & Digital Trust Leader, PwC Middle East
