Interview with Shakeel Shaikh, Head of Information Security |Ahli United Bank

Cybersecurity in a volatile region: the impact of geopolitical insight on cyber defence planning 

Seamless Xtra’s Paula Hallentuch interviews Shakeel Shaikh, Head of Information Security – Ahli United Bank.

Shakeel Shaikh is the Head of Information Security at Ahli United Bank in Bahrain, and a seasoned cybersecurity leader with more than 25 years of experience in the financial sector across the Middle East. He brings a strong strategic focus to cyber risk management and is known for building high-performing teams and developing future leaders in the field. Throughout his career, Shakeel has been a trusted mentor, public speaker, and active contributor to industry dialogue, regularly speaking at major cybersecurity conferences and summits. 

What are the biggest cybersecurity threats you’re seeing in the GCC right now, and how is your team adapting to stay ahead of them?

The GCC remains a geopolitically volatile region, and it’s not a surprise that nearly 30% of cybersecurity threats in the region are driven by geopolitical motives. I see a rising trend in such threats, with diverse objectives ranging from disinformation campaigns to stealing intelligence or disrupting critical infrastructure.

What makes them particularly challenging is their origin: many are state-sponsored, backed by substantial resources, and capable of targeting multiple sectors simultaneously. Recently, in one week alone, over 250 hacktivist attacks were recorded, including DDoS assaults, data leaks, and website defacements. Their targets spanned government, media, financial services, IT, energy, telecommunications, and education.

Addressing geopolitical cybersecurity threats requires a distinct approach. It is essential to monitor geopolitical developments and assess how they might translate into cyber risks. Understanding the actors behind these threats—their motives, tactics, and likely targets—is key to building an effective defence strategy. Geopolitical cyber risk assessments play a vital role in shaping this strategy, helping anticipate threats, prepare, and respond proactively.

Are you working with fintechs or external partners to strengthen your cybersecurity capabilities? What makes those partnerships successful?

Collaboration with external parties is an essential part of an effective cyber defence strategy. Cyber threats are ever-evolving, and no one organization can have complete knowledge of all threats and intelligence. Early warnings of emerging threats, attack vectors, and information about developing malware are often received from external parties and partners. Collaboration is important and cannot be neglected.

We work with threat intelligence partners, local and regional groups, and regulators. Regulators in the region are very active in supporting organizations in building cyber capabilities. Some also promote industry-specific committees and collaboration groups.

A simple principle for any partnership to be successful is that every partner needs to be actively engaged and contribute to the success of the partnership. We collaborate closely and share knowledge with our partners. Partnerships or groups also need to have a common vision and clear objectives to be effective. In the cyber world, anyone can contribute and support the industry proactively through collaboration and partnerships.

With regulations tightening across the GCC, how do you stay compliant without slowing down digital innovation?

Regulators help raise cybersecurity maturity. Several in the GCC are highly proactive and constantly work to improve the overall level of maturity across the industry. They have ensured the implementation of key security controls that might not have been adopted otherwise. Regulations are important to bring organizations to a baseline level of maturity; however, regulatory standards should not be taken as the ultimate benchmark. Cybersecurity is a risk management activity, and it requires many more measures than those enforced by regulators, depending on the threats and emerging risks.

Regulatory compliance is fundamental to our processes and always gets priority. At the same time, we carefully consider cyber risks to ensure prudent decisions. Regulators understand this and offer support when needed. In some cases, businesses have chosen functionality not recommended by regulators. We wrote to the regulators explaining the cyber risk and how it would be managed, even though it was not fully in line with their recommendation, and they supported our approach.

Cybersecurity, being a risk management and control function, must impose controls to mitigate risks. By nature, such controls can affect transformation and innovation. Cybersecurity teams need to work with the business closely and proactively to develop controls that support innovation goals without compromising security. One of the key responsibilities of cybersecurity is to maintain risk within appetite while enabling business objectives.

……….