Resilience within financial services in the GCC can be examined through various lens. 

Across the GCC, leaders in financial services have expressed concerns about a wide range of scenarios. Scenarios leaders are concerned about include changes to global tax regimes, failure to tackle climate change and the scale of the Ukraine war,  along with the risk of a large-scale cyber attack and a potential talent crisis.


Countries across the GCC have varying corporate tax policies. While industries working with hydrocarbons and other petroleum byproducts have a history of being levied higher tax rates, most industries pay corporate tax at rates ranging from 9% in the UAE (implemented only since 2022) to 46% for non-local business in KSA. With large scale lobbying underway for a uniform global corporate tax rate of 15%, a potential change in tax regimes could mean a significant hike in taxes paid by businesses in the GCC. 31% of leaders surveyed in the region cite this as a cause for concern in the coming year.


Whilst countries across the GCC have maintained a relatively neutral political stance about the Ukraine war and have continued to maintain their business relationships with Russia, the conflict has caused widespread disruption to operations. 30% of leaders in the region have cited concerns about the escalating conflict, particularly in relation to supply chain disruption, whilst 1 in 4 leaders in the region state that they are concerned about sanctions, export controls and tariff increase as a result of the war. Furthermore, a quarter of GCC leaders are also concerned about how global energy shortages resulting from the war will  affect them.


M&A activity in the GCC has continued to grow over the past 12 months, with 79% of leaders from privately owned organisations reporting that their business has been a target of M&A. This activity has been acknowledged by C-suite leaders across the board in the GCC, with half of CEOs,  51% of Chief Strategy Officers and 55% of Chief Legal  Officers seeing their firms as active targets of M&A over  the last 12 months.

Companies in the GCC have also been conducting M&A operations for multiple purposes, with entering new markets (30%) cited as the leading reason for conducting M&A. In KSA, 31% of companies cited reducing competition as a reason for their M&A operations, while 33% of companies claimed that they conducted M&A to acquire intellectual property in the UAE.


In the aftermath of the pandemic, organisations working in the GCC have faced significant challenges in ensuring long-term financial stability, with 39% of CEOs strongly agreeing that they have faced challenges in servicing all their debts over the last 12 months. Against this backdrop, rising inflation rates and increasing business costs continue to concern leaders, with 42% of CFOs citing concerns about reduced liquidity and availability of credit.


A paradigm shift is imminent in the GCC as a growing number of firms are adapting their business models to adopt a digital-first approach. With 32% of leaders working in financial services citing concerns about advancements in technology rendering their products and services obsolete, digital transformation and business innovation is a key area of focus for companies working. 

Significant efforts are being made by companies to strengthen internal and external cloud infrastructure and to migrate business operations onto these platforms; 59% of organisations have migrated or are looking to migrate their business operations to the external cloud for improved security, among other benefits.

As organisations continue to move their data onto internal and external cloud platforms, concerns around protecting business and personal data have also grown in the region, making data protection an important investment.


The accelerated digitalisation of the financial sector brought about by the pandemic has made the sector more vulnerable to cyber attacks. The need for a clear set of compliance standards for data protection is now more of a pressing matter than ever.

Almost 50% of companies identify as potential targets of various cyber attacks. This may partially be due to the rise in data breaches in recent times, with 60% of companies reporting that they had to notify regulators or individuals directly regarding breaches of personal data or Personal Identifiable Information (PII) over the last 12 months.

Other major concerns include data leaks, and increase in privacy breaches and violations, among others. In addition to the direct damage these issues cause, there are subsequent knock-on business effects. 79% of companies have reported that data privacy concerns have impacted their M&A decisions, amongst other effects of privacy breaches. Geographically, the proportion of companies impacted by these concerns is especially high in Saudi Arabia, at 81%. In terms of sectors, asset management, insurance and virtual assets feel the most vulnerable to cyber attacks.

Given their access to funds, intellectual property and customer information, coupled with increased reliance on third-party vendors and digitalisation of platforms, organisations in the banking and financial services sector are particularly vulnerable to cyber attacks. For example, the UAE experienced a 250% increase in cyber attacks through the course of the pandemic.1 Against this backdrop, it should come as no surprise that 77% of respondents anticipate that they will have to pay a ransom because of a future breach.

Within the cyber threat landscape, the cybersecurity risks that are most concerning to organisations over the next 12 months are insufficient data protection measures, and changes to existing data protection laws or introduction of new laws. These issues go hand-inhand, as organisations are often required to disclose to regulators the details of incidents involving data or sensitive information that was exposed or accessed by an unauthorised party. In the last 12 months, 60% of respondents surveyed had to notify due to experiencing some form of a breach involving Personally Identifiable Information (PII). Respondents cited a loss of intellectual property and loss of third-party information as the two most concerning impacts of a potential cyber attack. This is especially concerning considering that 4 out of 5 Chief Strategy Officers agree that their company does not fully understand the risk posed by third parties. 

Within the GCC the compliance environment is becoming increasingly complex. This environment has been developed, in part, because of a symbiotic relationship between financial crime control and state regulation.

On the one hand, there is growing exposure to financial crime and sanctions related risk brought about by a wide range of factors – including digitalization, economic instability, the adoption of new technology, continued supply chain disruptions and rising inflation rates. The increased adoption of digital currencies has led to concern amongst business leaders, with almost 80% of leaders surveyed agreeing that cryptocurrencies have increased the financial system’s exposure to financial crime and sanction risk.

With preparations for COP28 in 2023 underway in UAE, momentum is quickly building around the GCC’s ESG agenda. ESG goals are becoming more of a strategic and operational imperative, with the growing demand for environmental and social change from both internal and external stakeholders driving companies to increase their focus on ESG related initiatives.

For companies across the GCC, the case to have a strong ESG strategy in place has become more compelling and is being linked to value creation. 82% of companies agree that their business is shifting its approach to ESG from managing risk to identifying new business opportunities. The aforementioned trend is more prominent in the insurance and payment services and f intech sectors with 90% of companies agreeing to a shift in their approach to ESG. Furthermore, organisations are willing to invest in their ESG agenda, with improving ESG credentials and capabilities being the second most cited reason for planned M&A activity over the next 12 months.  

GCC companies are evidently making progress in embracing the ESG agenda. First, they are spending more resources on sustainability and second, they are actively aligning their business strategy and goals with social purpose, thereby aligning their ambitions with those of their various stakeholders. The importance of ESG within business strategy is highlighted by the fact that 91% of organisations request information regarding the ESG initiatives of parties involved as part of risk evaluation and decision making processes.

There is evident optimism around the future of digital assets and their application in the GCC. Incorporating digital assets into business operations is already underway with 74% of companies exploring how blockchain and digital asset offerings can be incorporated into business offerings, and 93% of leaders already incorporating digital assets into their business offerings.

One of the main motivations behind the exploration  and investment into digital assets comes from a growing use of digital currencies within the retail sector, making digital assets a priority for consumers. A majority (94%) of GCC organisations agree that the retail sector’s adoption of digital currencies has pressured their company to change its approach towards digital assets. 


The 2022 Resilience Barometer® GCC explores important developments within financial services through our research targeted at key decision-makers in the region. These insights capture the incredible movement within the sector, with the the rapid digitalisation of business operations, the adoption of digital assets and the growth of digital finance systems, an ever intensifying regulatory landscape and an increased focus on ESG.

slide left
slide right