Machine learning, smart cities, an expanding cloud: it’s clear that the pace of digital change is accelerating, and this demands data-driven, flexible, and expansive solutions.
So, what should be on the forefront of a GCC-based business or public sector leader’s mind right now? From talkative AI to citizen data and third-party cybersecurity threats, we’ve identified seven opportunities (and their corresponding risks) that all GCC business and government entities must be aware of as we move further into 2023…
Public sector using generative AI more and more
Super apps will be key to government toolkit
IoT to supercharge the mega-events industry
GCC to double down on cloud infrastructure
Governments to unlock centralized citizen data
A non-negotiable? Robust ethical frameworks
Third-party cybersecurity risk will loom
1. The public sector will use generative AI more and more
The GCC’s recent investments in AI to empower smart government are clear. However, these technologies are evolving at a breakneck pace; and to keep up with private-sector pioneers, regional governments must take an agile approach to refining and rolling out AI tools.
Take generative AI: many regional governments already use chatbots, such as Dubai’s “Rashid”, but the November 2022 launch of OpenAI’s ChatGPT — a deep-learning generative AI tool that can carry out astonishingly sophisticated interactions with users — raises the question of how such technologies can be used to provide more dynamic and timely solutions to complex citizen queries.
According to Gartner, 30% of outbound marketing messages from large organizations will be synthetically generated by 2025, up from less than 2% in 2022 ¹
“Generative AI has the potential to profoundly transform the public sector. Implemented well, it could be a major boon to e-government, helping residents solve open-ended problems, negotiate with public servants, and access intensely personalized content,” notes Jad Haddad, Head of the Digital practice at Oliver Wyman IMEA.
In 2023, we anticipate that GCC countries will meaningfully explore the promise of generative AI tools, as the region continues to climb the ranks of e-government maturity. For such tools to emerge in the public sector, it will be essential to address the considerations of both the region (e.g., Arabic flexibility, WhatsApp integration) and governance (e.g., accuracy and fairness of AI-generated responses).
2. Super apps will be key to government toolkit
We’ve recently seen the rise of the supera pp in the region: a one-stop shop where you can — in the example of the Dubai-grown Careem — order food, book a ride, and send money, all in one place. The GCC public sector has followed suit, with numerous e-government super apps emerging in the region.
Since launch, the Dubai Now government app has processed 20 million transactions worth $2.7 billion USD
It is projected that by 2027, more than 50% of the global population will be daily active users of multiple super apps². These tools have particularly potent advantages in the public sector: for citizen end users, they can increase e-government inclusion by unifying services under one credible brand. For government entities, they revolutionize efficiency by capitalizing on universal functionalities. For example, they can provide end-to-end journeys — such as registration, licensing, visas, rent and more all being activated seamlessly when someone sets up a business. They can also offer proactive or suggestive services: such as automatic activation of social benefits, or automatic renewal of a passport.
“Super apps are on the center stage for the public sector to test and disseminate new digital services. The evolution of emerging technologies — such as opening banking and blockchain — will further transform their functionality in the years to come,” says Jean Salamat, Partner at Oliver Wyman IMEA’s digital practice.
3. Internet of Things to supercharge mega-events industry
The Internet of Things will transform how we interact in the physical realm: from smart cities to connected healthcare. One area in which we’re already seeing great change in the GCC is tech-enabled mega events. Multiple technologies working in harmony — wireless sensors, drones, radio-frequency identification, AI, analytical software, and more — allow for dynamic crowd response, providing a safe, efficient, and sometimes even personalized experience for all.
To manage the flow of massive stadium crowds during last year’s FIFA World Cup, Qatar leveraged “digital twins,” aggregating data from 40,000 IoT devices. In a similar vein, Dubai’s award-winning Enterprise Command and Control Center uses a combination of AI, digital camera, and thermal imaging technologies to oversee a matrix of 11,000 surveillance cameras, 5,000 kilometers of road, 10,000 taxis, and more.
We anticipate that there will be more than 1 billion IoT connections across the GCC by 2030
The GCC’s aspirations to host best-in-class international events and meet ambitious tourism targets are only growing: for instance, Saudi Arabia recently won the bid to host the 2029 Asian Winter Games at Neom’s emerging Trojena development, and there is discussion of events such as the Olympics being hosted in the GCC. To provide a truly differentiated experience, accelerated investment in IoT technologies will be a must.
“In the GCC, private players must actively participate in developing IoT infrastructure, while the public sector needs to establish effective and competitive regulatory frameworks. Get these elements right, and the reality of the GCC’s events, and smart cities, will truly transform,” says Ahmad Mourtada, a Partner in Oliver Wyman’s Digital and Communication, Media & Technology practices.
4. GCC will double down on strong cloud infrastructure
“Digital ambitions need the backbone of a strong cloud infrastructure. Nationwide digital transformations, widespread 5G adoption, and increased security demands — these trends all demand rapid maturity of cloud infrastructure in the region, which is definitely underway,” points out Jad Haddad.
Investment in the GCC is evident: for instance, forecasts indicate that Saudi Arabia’s cloud market could exceed $6 billion USD by 2025.
The GCC cloud market is projected to exceed $13 billion by 2025 ³
Notably, the region has, in the past, fallen short regarding the presence of hyperscalers: large enterprise cloud providers that have historically dominated up to 80% of the global market. However, the tides are turning: just last year, AWS launched their first-ever data centers in the UAE, while Saudi Aramco has partnered with Google Cloud to strengthen regional cloud services. Alibaba Cloud — in partnership with STC — has also entered the Saudi market
In 2023, we expect to see these heavy hitters continue their expansion in the region, bolstered by local partnerships.
5. Governments to unlock the value of centralized citizen data
The transformative power of AI cannot be unlocked without strong, well-governed data across functions. This is a particular challenge for public sector entities: in aggregate, governments may possess a wide range of meaningful data on their citizens, but this data is often siloed and of highly variable quality.
Across the GCC, governments are working to remediate this issue by establishing whole-of-government data strategies, platforms, and regulators across the public sector. Bahrain’s national digital transformation strategy, launched last year, emphasizes the consolidation of government data in service of smart forecasting and decision-making.
130+ Saudi public sector entities are launching dedicated data functions, aligned with the National Data Management Office (NDMO) mandate
Across the board, governments need to strengthen their data quality, operations, classifications, protections, and availability. And they will: this year will see continued strengthening of the whole-of-government data mandate – and therefore the associated legislation, regulatory muscle, and capability build up.
“A centralized data platform unlocks powerful insights. It’s one thing, for instance, for a country’s education authority to have insight on student academic performance. But, when combined with insights from other sectors, including finance and labor, a transformative picture can be painted of the workforce of the future,” says Jean Salamat.
6. A non-negotiable? Robust ethical frameworks
“While intelligent citizen services, a seamless digital career compass, and whole-of-government data platforms all hold tremendous potential, they also raise risks for abuse and citizen mistrust. As such, it is essential for any modern public sector entity to define robust technology ethics regulations,” says Jad Haddad.
Globally, regulators struggle with the challenges posed by rapid technological advancements. The GCC has already taken action on this front, with ethics standards featured prominently in the UAE Strategy for Artificial Intelligence and the National Artificial Intelligence Strategy for Qatar. And last year, the Saudi Data and Artificial Intelligence Authority (SDAIA) released their proposed AI Ethics Principles for public consultation.
Open data — data made publicly accessible to foster transparency and innovation — is another area where regional governments have progressed. Bayanat, the UAE government’s open data portal, is home to more than 2,600 open data sets on topics ranging from resident health to environmental quality.
Over the coming years, it is paramount that GCC governments continue proving their bona fides when it comes to technology and data ethics — building up public trust, while also striking the right balance so as to not stifle innovation.
In 2021, 193 UNESCO member states — including all the GCC countries — adopted a global agreement on the Ethics of Artificial Intelligence
7. Third-party cybersecurity risk will loom large over lofty aspirations
When it comes to cybersecurity risk, it’s clear that you’re only as strong as your weakest vendor — and we anticipate that GCC leaders will take this message to heart and invest accordingly in the year to come.
Cybersecurity is an often unseen but critical part of earning public trust. GCC entities may be increasingly confident in their own cyber capabilities, but many still fail to understand the cybersecurity risk exposure of using third parties: cybersecurity incidents caused by third-party vendors are among the most challenging and expensive to remediate.
The GCC’s bold public sector ambitions often require collaborating with a vast consortium of external partners. According to a recent Marsh study, 42% of business leaders in the Middle East and Africa believe that “business interruption due to external supplier or partner cyber disruption” is one of the top cyber threats they face4.
However, just 40% of surveyed MEA companies have conducted a risk assessment of their vendors and supply chain
“A rigorous third-party cybersecurity risk management framework is key to mitigating such existential threats. Entities must define a robust framework in order to understand their third-party landscape in terms of both the criticality of services offered and the levels of access given. They must also vet and continuously monitor the critical controls needed to mitigate the risks of any third-party vendors they work with,” says Oliver Wyman Partner and cybersecurity expert Ziad Nasrallah.
- Gartner, Innovation Insight for Generative AI, Brian Burke, Arun Chandrasekaran, Svetlana Sicular, 15 December 2022. GARTNER is a registered trademark and is used herein with permission. All rights reserved.
- Gartner, “What is a Superapp?”, September 28, 2022. GARTNER is a registered trademark and is used herein with permission. All rights reserved.
- Fitch Solutions, Cloud Spending Forecast GCC. Accessed: February 28, 2023.
- Marsh, Middle East and Africa Insights – The State of Cyber Resilience, September 2022.
Lara Chikhani, João Fervença, Mohit Matta, Maria Midiri, Prashant Parsram, Alvaro Torres, Charbel Trad, and Sebastian Voll.