Cykube Blog

Why have these attacks increased? The work-from-home concept practiced by employees during the coronavirus pandemic has caused a sudden multifold increase in cyberattacks. Organisations now have a much wider area to ensure protection so that no loopholes are left open that will allow cybercriminals to enter an organisation's network. As an example, there was a 667% increase in spear-phishing email attacks since the end of February alone.

Spear-phishing is simply a mechanism used by cybercriminals to disguise as a trustworthy entity in an electronic communication to steal sensitive data such as usernames, passwords and credit card details for malicious purposes. In the financial services industry, these attacks are especially targeted at bank executives, particularly in private banks, acting as high-net-worth prospective customers. Working from home, as well as the inability to meet face to face, just makes it easier for the executives to fall into this trap. By clicking the links sent by the cybercriminals, it could end up targeting the individual or even compromising the bank's entire infrastructure with ransomware. This is just one of the many scenarios.

Cybersecurity is one of the biggest risks institutions are facing globally and Islamic banks are not immune from this either. The CIBAFI Islamic Global Bankers Survey 2019 ranked cyber risk as the number one risk facing Islamic banks. The World Economic Forum cites a global value of US$5.2 trillion that will be at risk from cyberattacks in the 2019–23 period.

What can Islamic banks do to minimize the risk of cyberattacks?

One of the fundamental steps is to have in place a clearly defined cybersecurity strategy with a cyber risk management policy. Many banks have not focused on this matter, and either do not have any strategy at all or the strategy is flawed. According to some Islamic bank senior executives whom I have personally met, their response to my question about a cybersecurity policy/strategy was, interestingly: "We are too small for cybercriminals to attack us." This is the biggest misconception. It is not a matter of 'if' anymore but 'when'. It will happen to every financial institution, it is just a matter of time.

Cyberattacks do not only cause a loss of customers' data or capital but also cause a bigger risk for banks such as reputational risk, which has a domino effect on the bank's credibility and reflects the operational failure of the bank's risk management policies. If a bank's reputation is at risk and customers risk losing their money and sensitive information, this could have a systemic impact on the financial institution. Hence, it is no longer a chief information officer or chief information security officer who will take care of the situation but the CEO, CFO and board equally need to ensure compliance with security policies.

How can Islamic banks introduce a well-defined risk management policy for protection from the imminent threat of cyberattacks? First and foremost, banks need to define their risk appetite which needs to be set and approved by the board members. The next fundamental step is to determine what procedures and risk mitigation policies banks have in place in case of a real cyberattack leading to the temporary disruption of the bank's digital services and the compromise of clients' data.

Institutions can manage their risks effectively if there is support from senior management and defined risk management processes and policies are in place. A risk-aware culture and regular assessments of defined risks against the objectives of the organisation are also key.

The primary objectives of the risk management process are to identify the key threats and issues, assess the impact, communicate with the key stakeholders within the organization and address the consequences. It can only be effective once these risk management activities are embedded within the business process such as responding to incidents, product development and design, and sales and social media campaigns.

Awareness of cyberattacks and the associated risks should be communicated regularly across the organisation. There should be dedicated training hours allocated for cybersecurity for all members of the organisation which should be made mandatory. This keeps them abreast of all the latest developments and threats to be aware of as cyber risks are constantly changing.

Ideally, banks should have a separate budget allocation for cybersecurity with a clear key performance indicator of what level of risks would be mitigated using this budget. This goes back to the first question of risk appetite. This budget can only be set once banks have performed a full risk analysis along with commercial exposure in case of an attack materializing. It allows a bank to explore the degree to which its assets require protection and how this can be managed effectively.

Generally, in most organizations there is a serious disconnect between the business executives and board members. To bridge this gap, it is important to have a clear understanding and support among the board members and the executive committee, which will allow them to have a unified cyber risk management and mitigation policy across the organization. It is equally, or even more, important for an Islamic bank's management and executive board to ensure a high level of security since they are appointed as the custodians of clients' funds and data and it is their moral and ethical responsibility to have a well-defined and executed cybersecurity strategy to protect them.

In conclusion, it is an ongoing process and to be able to thwart cyberattacks on your organization, you continuously need to be at par with or one step ahead of the latest tricks and tactics of cybercriminals.

In that relatively short space of time the industry has grown rapidly and the global market now exceeds US$1.1 trillion in assets with 716 Islamic financial institutions spread over 61 countries making over US$13.1 billion in profit. Islamic banking assets are forecast to reach US$1.8 trillion this year.

Islamic finance aims to create business activities that generate a fair and equitable profit from transactions that are backed by real assets. This method of financing avoids usury, uncertainty, short selling and excessive credit creation whilst encouraging sound risk management procedures.

Islamic finance reached the UK in the 1980s with the first commodity Murabaha transactions and the launch of the first UK Islamic bank, Al Barakara International in 1982. During the 1980s a number of investment banks offered bespoke Sharia compliant products to their Middle Eastern clients, mostly in the areas of trade finance, leasing and project finance.

It was not until the industry received political and regulatory support that momentum started to build. In 2000 an Islamic finance working group was set up under the leadership of Andrew Buxton, former Chairman of Barclays Bank and Eddie George of the Bank of England. The working group included representatives from the Treasury, FSA, the Council of Mortgage Lenders, financial institutions and members of the Muslim community.

Since the formation of this working group the UK Government and regulators have attempted, through the addition of Alternative Finance clauses to various Taxation Acts, to create a market environment where Islamic banks and their clients are not treated any differently to their conventional counterparts. For example Stamp Duty Land Tax was amended in order to remove double stamp duty on Sharia compliant mortgages.

As the industry has developed the breadth of products and services has improved and now compete with the offerings of conventional financial institutions. In 2012 the UK was ranked the 9th largest country by Sharia compliant assets with more than 20 institutions offering Islamic finance and six wholly Sharia compliant banks.

The Sukuk (Islamic bonds) market is the engine room of the Islamic finance market and London, as a major centre for the issuance and trading of International bonds is a natural home to list and trade Sukuk. A total of US$34 billion has been raised through 49 issues of Sukuk on the London Stock Exchange (LSE). The first Sukuk listed on LSE was for the UAE-based National Central Cooling Company (Tabreed) for the amount of US$200 million in 2007. There are also Sharia compliant institutions listed on AIM and seven Sharia compliant Exchange Traded Funds (ETFs) based on Islamic indices listed on the LSE.

The London Metal Exchange (LME) is becoming an important avenue for the growth of Islamic finance globally. The LME is a leading metal exchange, and a significant volume of liquidity management transactions concluded by Islamic finance institutions and other Sharia compliant firms are supported by metals on LME warrant.

The UK's preeminent fund management position has been one of the key reasons why Islamic financial institutions have chosen the UK as their base of operations or for a representative office. According to TheCityUK research there are £5.1 trillion of assets under management in the UK. UK financial institutions have been offering Sharia compliant funds since 1986 to cater to the investment requirements of their Middle Eastern clients. The first sterling denominated based Halal mutual fund was launched in 1997. There are currently around nine fund managers offering Islamic asset management services to their clients.

The robust regulatory framework, supportive Government and strong history of financial innovation attracts Islamic banks. The UK is one of the most desirable places to study in the world with around 100,000 international students studying at UK universities. Islamic finance is taught at a number of these universities and by other educational institutions such as the Institute of Islamic Banking and Insurance that started providing courses in 1990. The Chartered Institute for Securities and Investments developed the landmark Islamic finance qualification (IFQ) in association with L'École Supérieure des Affaires (L'ESA) in 2006. The IFQ has become one of the most comprehensive and popular entry level qualifications in Islamic finance.

In addition to these educational, regulatory and market developments the UK is a vibrant, multicultural and tolerant society that has welcomed Islamic finance. The UK has established itself as a hub for Islamic financial activities and is the global gateway for Islamic trade and investments. Islamic finance is without doubt a growth industry and the UK is well positioned to become the global leader outside the Muslim world. It is therefore essential that the industry continues to work with the government, tax and regulatory authorities to develop and shape the financial environment and UK legislation in order to ensure a level playing field for Sharia compliant products and services.

The majority of the 1.7 billion Muslim population live in MENA (20%) and Asia Pacific (62%) which are potentially major markets for Shariah pensions. If Shariah pensions can take only 10% of this potential market by 2020, it could be projected to reach US$1 trillion by 2020.

The emergence of Shariah pensions will support the Islamic asset management industry which is yet to achieve its critical mass. It will encourage existing Shariah asset managers and the new breed of asset managers to develop targeted Shariah investment solutions for their pension clients. Global asset managers can also take their share by offering their long-standing experience in managing pension funds and can offer the same by bringing Shariah investment solutions.

As per the Thomson Reuters report on Islamic asset management, the Islamic asset management industry constitutes only about 5% of the approximately US$1.8 trillion Islamic banking industry. There is a huge potential for the industry to grow but regulations and a lack of expertise are hindering the growth of this market.

Islamic pensions could be a game changer for the entire Islamic banking market, especially for Islamic asset management and Takaful. Islamic asset managers need to be more proactive and innovative rather than only concentrating on equity and fixed income funds; they need to concentrate on alternative asset classes and come up with more diversified and innovative Shariah compliant pension products.

The Islamic asset management industry needs to be institutionalised as currently it's heavily dependent on retail investors (80% of retail investors and 20% of institutional investors), while on the other hand, the conventional industry represents 20% retail and 80% institutional investors.

It's a huge opportunity for asset managers who can develop Shariah pension solutions for their own Shariah funds and offer them to their clients. It will help them build up the Shariah pension industry and increase assets under management for their own funds on a regular basis.

Currently, only a few Islamic financial institutions are offering Shariah pension solutions to their clients. This puts Islamic financial institutions at the forefront to develop Shariah investment solutions that can produce consistent and strong returns to match future liabilities. Savings for a pension is a long-term commitment and it's very important for financial institutions to come up with regular savings and capital-protected products so that investors can achieve their long-term investment goals.

Technology is another important factor which can play a very important role in the development of the Shariah pensions industry. It enables all stakeholders to keep track of their investments on a regular basis.

As per the World Bank, the three-pillar pension system, followed by most of the developed markets, is as follows: Pillar 1 – state/government-run pension; Pillar 2 – pension provided by employer; and Pillar 3 – privately-funded savings scheme.

Most of the developing countries have yet to adopt the World Bank's three-pillar system. Although public pension funds in some countries have been launched, they are still at the infant stage. Pension reforms are the key to strengthening pension systems in the developing world.

We have recently witnessed the support by some of the governments to develop this important untapped market. Without government support and reforms, this industry won't be able to achieve its true potential. In Malaysia, the Employees Provident Fund recently announced its ambition to start a US$26 billion Islamic savings plan. The Dubai Islamic Economy Development Center also lately declared that it will support the development of Shariah pensions which is a major step forward in developing this sector.

We have seen major development and the effect of reforms in Turkey, Pakistan, Malaysia and Australia in recent years which have helped these countries to build up a strong pension infrastructure and significantly increase the sale of pension policies and funds.

Due to the decline in oil prices, the reduction of subsidies and the increase in commodity prices, the MENA region is heading toward a change in lifestyle and moving more toward savings and pensions. This gives Islamic financial institutions an opportunity to position themselves as the provider of choice for Shariah compliant savings and pension products.

Last but not the least, education is the most important factor for the growth of the Shariah pension industry. As mentioned earlier, the Shariah pension is a fairly new concept for the developing world and it may take time, energy and effort to create awareness of this important sector.