Type of the article: Research Article
Abstract
FinTech growth in the Gulf has expanded digital access to banking services, but cyber-risk governance has not advanced at the same pace. This study develops and applies a quantitative framework to evaluate institutional, systemic, predictive, and probabilistic dimensions of cyber risk across Gulf financial technology ecosystems, including commercial banks, digital wallets, and payment platforms. The empirical design combined an application-level sample of ten leading mobile financial platforms with a vulnerability-level observation dataset generated through repeated static and dynamic security assessments between July 2024 and May 2025. The analysis integrated comparative statistical testing, extreme value modeling, dependency analysis, machine learning classification, and Bayesian estimation. The results revealed significant institutional divergence in vulnerability severities (p < 0.01), with Saudi Arabian Android banking applications recording the highest mean score (8.12) and UAE iOS applications the lowest (7.29). The risk distribution displayed a heavy-tailed structure, with a shape coefficient of 0.22 and a scale coefficient of 0.78, indicating that rare but severe vulnerabilities dominate exposure. Dependency modeling identified systemic linkages between platform type, regulatory environment, and vulnerability category, with correlations ranging from 0.29 to 0.36. Machine learning classification achieved 85% accuracy and 84% precision, while Bayesian estimation produced narrow 95% credibility intervals. The findings highlight distinct, quantifiable cyber-risk patterns across Gulf banks and FinTech platforms and support the need for integrated, data-driven supervisory frameworks.