Case study: How Bank Muscat promotes cybersecurity
Bank Muscat is the leading financial institution in Oman, with a strong presence in corporate banking, personal banking, investment banking, Islamic banking, treasury, private banking and asset management. As cybercrimes can cause enormous financial and material losses for both victims and the economy, Bank Muscat remains vigilant in its cybersecurity efforts so as to safeguard, according to strict standards of security and confidentiality, any information customers share with the Bank.
This case study is based on the 2019 Sustainability Report by Bank Muscat published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate what CSR/ ESG/ sustainability reporting done responsibly means. Essentially, it means: a) identifying a company’s most important impacts on the environment, economy and society, and b) measuring, managing and changing.
Abstract
Bank Muscat’s information/cybersecurity management function helps to secure information within the Bank, as well as keep the Bank secured from cybersecurity risks. In order to promote cybersecurity Bank Muscat took action to:
- identify and address cybersecurity risks
- improve cybersecurity measures
- launch an anti-fraud public awareness campaign
With this case study you will see:
- Which are the most important impacts (material issues) Bank Muscat has identified;
- How Bank Muscat proceeded with stakeholder engagement, and
- What actions were taken by Bank Muscat to promote cybersecurity
What are the material issues the company has identified?
In its 2019 Sustainability Report Bank Muscat identified a range of material issues, such as customer relationship management, employee training and development, responsible investing, Anti-Money Laundering and Anti-Financing of Terrorism (AML and AFT). Among these, promoting cybersecurity stands out as a key material issue for Bank Muscat.
Stakeholder engagement in accordance with the GRI Standards
The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:
Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.
Key stakeholder groups Bank Muscat engages with:
Stakeholder Group | Method of engagement |
Employees | · Annual performance reviews · Regular dialogue and interaction with employees · Training and education programmes · Grievance mechanism · Polls and surveys |
Customers | · Call Centre Feedback Management System (FMS) · Company website · Focus groups · Customer networking events for specific customer segments · Branches and access points including ATMs and CDMs · Media and social media channels · Annual report and sustainability report · Other bank publications including investor presentations |
Government (Including Regulatory Bodies) | · Government Business Division · Investment in the national economy · Supporting initiatives of national importance |
Correspondent / Other Banks / International Entities | · Financial Institutions Group (FIG) · Company website and other publications · Roadshows and presentations |
Shareholders / Investors | · Investor Relations Department · Shareholder meetings · Roadshows and presentations · Company website and other publications |
Local, Regional & International Media | · Media, social media and other publications · Press conferences · Media networking events |
How stakeholder engagement was made to identify material issues
To identify and prioritise material topics Bank Muscat engaged with its stakeholders through interviews and surveys.
What actions were taken by Bank Muscat to promote cybersecurity?
In its 2019 Sustainability Report Bank Muscat reports that it took the following actions for promoting cybersecurity:
- Identifying and addressing cybersecurity risks
  - Bank Muscat continuously invests in maintaining and updating the systems and processes that are designed to ensure the security of the Bank’s computer systems, software, networks and other technology assets. Bank Muscat’s information/cybersecurity risk management function focuses on the following key aspects:
    - Cybersecurity incident response plans in order to implement effective management of cybersecurity incidents
    - Information security governance through security policies, procedures, guidelines and standards
    - Information security monitoring using the latest solutions and tools, including real time as well as fixed frequency monitoring
    - Implementing a robust security defence network as well as maintaining strong internal controls
    - Information security reviews comprising new and existing technologies, solutions, networks and also the various processes/operations within each and every department of the Bank
- Improving cybersecurity measures
  - In 2019, Bank Muscat partnered with the Information Technology Authority (ITA) to improve cybersecurity measures. The Bank took part in a series of cybersecurity events organised by the ITA, including the 8th Regional Cybersecurity Summit, FIRST & International Telecommunication Union Arab Regional Cyber Security Centre (ITU-ARCC), and the 7th Regional Cyber Drill. Bank Muscat also participated in the Cybersecurity Readiness drill, held under the theme “Intelligence of Malware” and organised by the National Computer Emergency Readiness Team (OCERT) to assess cybersecurity readiness in Organisation of Islamic Cooperation (OIC) countries.
- Launching an anti-fraud public awareness campaign
  - In 2019, the Royal Oman Police (ROP) and Bank Muscat launched an anti-fraud public awareness campaign. The campaign focused on educating the community not to share their personal details or their banking/card details with anyone over the phone, and not to input them on links received through social media or messaging.
Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?
The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data
Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:
- Sustainable Development Goal (SDG) 16: Peace, Justice and Strong Institutions
- Targets: 16.3, 16.10
References:
1) This case study is based on published information by Bank Muscat, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:
http://database.globalreporting.org/
2) https://www.globalreporting.org/standards/gri-standards-download-center/