Threats to digital banking in the Gulf Cooperation Council

Cyble published an analysis of digital banking risks in Gulf Cooperation Council countries (Saudi Arabia, UAE, Qatar, and others) for 2026. Key takeaway — rapid digitalization of the financial sector has sharply expanded the external attack surface: APIs, cloud infrastructure, third-party integrations, and mobile platforms have become prime targets for threat actors.

Highlights from the report:

📊 The growth of open banking adds extra pressure on security. To interact with partners and financial services, banks expose open APIs, which have also become potential attack entry points. 📊 In just the first half of 2025, more than 90 data leaks — including financial records — were reported among organizations of the region. A significant portion involved compromised third-party vendors. 📊 As the e‑commerce market expands, attackers have shifted focus to targeting customers: credential‑stuffing and phishing campaigns aimed at online retail grew by 25% between Q2 and Q3 of 2025. 📊 AI empowers threat actors, enabling them to automate phishing, generate deepfakes, and craft more convincing fraud scenarios. Realism is especially critical when imitating financial services — one previously reported example illustrated such a well‑planned campaign.

Cyble also emphasizes that the issue increasingly stems not from sophisticated malware use but from weak monitoring and asset inventory across the external network perimeter. As digital ecosystems grow, organizations lose full visibility over which services, cloud resources, and integrations are actually exposed to the internet.

Cyble's report reflects a broader trend extending beyond the banking sector and the Gulf region: attack surfaces often expand faster than organizations can inventory and continuously monitor them. Previously researchers from Ethiac highlighted a similar issue for European telecom operators. Under such conditions, external attack surface management tools are becoming less of a security add‑on and more of a baseline necessity for large digital ecosystems.