Case study: Cybersecurity – Compliance with the UAE Information Assurance Standard
Embedding a culture of risk awareness
We are a domestically systemically important bank in the UAE, and consistent, sustainable performance depends on our ability to successfully mitigate and manage risk at every level. A strong culture of risk awareness, including cybersecurity, is embedded across the organisation.
Risk is a fundamental part of our business and underpins every decision we make. Our proactive approach is driven by our values, which play an integral role in enforcing the discipline needed to protect the Bank, its customers, and our reputation.
All banks must be fully compliant with the UAE Information Assurance Standard, which comprises 698 information security-related controls. Partnering with a leading global consultancy firm, ADCB conducted a comprehensive gap assessment on the applicable controls.
Key findings included:
- Information security risk assessment process adequately defined and implemented
- Remote access to ADCB information systems strictly controlled and analysed to reduce risk
- Effective implementation of information security training and awareness campaign
- Effective implementation of policies and processes to ensure employee awareness of roles and responsibilities
- Data protection and privacy controls defined and implemented adequately
Overall, we achieved 99% benchmarking compliance in the assessment, well above the 93% median across the financial sector.