A recent technical report revealed a significant escalation in cyber risks facing financial institutions across the Middle East and Africa, driven by the accelerating pace of digital transformation and the expanding reliance on cloud infrastructure and advanced technologies.
The report indicated a global increase of 1300% in fraud operations based on Deepfake technology during 2024, with a growing trend toward targeting digital banking services and mobile banking through phishing attacks and AI-driven digital identity impersonation.
External Parties
The report titled “Cybersecurity for the Banking Sector in the Middle East and Africa 2026”, issued by Fortinet, the global cybersecurity leader driving the convergence of networking and security, explains that the threat landscape and regulatory environment within the financial sector are undergoing rapid transformation due to the growing complexity of digital threats and the expanding reliance on third-party provider ecosystems to support core operations.
This has prompted regulatory authorities to strengthen operational resilience requirements in order to support financial stability, protect consumer confidence, and mitigate systemic risks associated with the increasing dependence on digital systems.
Banking Risks
The report pointed out that the expansion of Saudi banks in digitizing core services, along with the adoption of Banking-as-a-Service models and cloud computing, has increased reliance on third-party service providers, which has broadened the scope of cyber threats and prompted tighter oversight by the Saudi Central Bank and the National Cybersecurity Authority.
The report also showed that emerging technologies, led by artificial intelligence, play a dual role within the financial sector. While they contribute to strengthening advanced cyber defense capabilities, they are also associated with the emergence of sophisticated digital threats including deepfake attacks, automated phishing, and digital identity theft.
Sovereign Cloud
The report highlighted the rapid growth of sovereign cloud infrastructure across Gulf Cooperation Council countries and several African nations, driven by data localization requirements and national security considerations. The report estimated the global sovereign cloud market at approximately $154.7 billion in 2025, with projections indicating it will reach $823.9 billion by 2032.
The report also noted the emergence of the Kingdom of Saudi Arabia as a major regional hub in this field, as global cloud service providers commit to establishing cloud regions and service centers within the Kingdom to meet data localization requirements and strengthen protections associated with national security.
Saudi Leadership
Regarding cyber readiness indicators, the report highlighted that the Kingdom of Saudi Arabia achieved the full score (20/20) in the Global Cybersecurity Index 2024 issued by the International Telecommunication Union, placing it among only 13 countries in the Middle East and Africa classified within the highest global tiers.
This ranking reflects the scale of national investments in cybersecurity governance, digital infrastructure development, and strengthening the resilience of the financial sector in alignment with the objectives of Vision 2030.
Smart Defense
The report explained that AI-powered cybersecurity tools help financial institutions detect attacks more quickly and stop fraud operations in real time, in addition to enhancing the protection of customer data.
These tools also enable the automation of routine tasks within cybersecurity teams, supporting operational efficiency and reducing the pressure caused by the shortage of specialized talent.
Saudi Capabilities
This direction aligns with the Essential Cybersecurity Controls issued by the National Cybersecurity Authority, which require entities operating critical infrastructure to employ Saudi professionals in cybersecurity roles, supporting the objectives of Vision 2030 related to digital growth and the development of national capabilities.
These strategic steps come at a time when the sector globally faces a shortage exceeding 4.7 million specialists, making it more difficult to confront the growing digital threats and leading to the continued presence of vacant security roles in many organizations.
Quantitative Gap
The report warned of future challenges associated with Post-Quantum Cryptography, as a regional survey showed that 61% of organizations in Europe, the Middle East, and Africa are not prepared for the post-quantum era, while only 12% have begun deploying quantum-safe security technologies.
This challenge is linked to the potential for “harvest now, decrypt later” attacks, in which attackers collect encrypted data today with the intention of decrypting it in the future as quantum computing capabilities evolve.
Secure Access
The report identified a number of strategic areas expected to receive priority in the Saudi banking sector in the coming phase. These include strengthening operational resilience testing and cyber stress testing for banks, expanding the adoption of sovereign cloud and Sovereign SASE solutions to ensure data localization, tightening third-party and supply chain risk management, investing in AI-powered threat detection, and establishing early roadmaps for adopting post-quantum cryptography technologies.
Digital Transformation
The report highlights the growing relationship between the acceleration of digital transformation in the financial sector and the rising requirements for cybersecurity protection, as reliance on cloud infrastructure, artificial intelligence, and digital financial services continues to expand. The findings indicate that cyber resilience has become a key component in the stability of businesses and the banking sector within modern digital economies.
The report also noted the expanding adoption of Sovereign SASE solutions that combine secure networking, cybersecurity operations, and unified protection platforms to support institutions operating in highly regulated sectors such as financial services, government entities, and critical infrastructure.
Investments are also moving toward the development of local cloud infrastructure within countries across the region, enabling institutions to retain sensitive data within national borders amid growing data sovereignty requirements and regulatory frameworks related to information protection.