The banking landscape is dramatically evolving, with digital transformation in full flow and customer demands increasing. Alongside that are heightened cybersecurity risks, with attacks becoming more sophisticated and successful.
To keep pace with the competition, banks should consider adapting their offering toward a collaborative ecosystem approach that minimizes business interruption, attracts customers, and generates trust, value, and revenue.
Rise of cyberattacks
When the global pandemic hit, digitization of the banking sector accelerated. Since then, in-person interactions have decreased, and mobile banking has risen. Moreover, consumers expect seamless, affordable, and ever-improving services. To achieve that, open banking is making headway, allowing financial institutions and third-party financial services providers to exchange vast swathes of data, innovate, enhance the customer experience, and offer better value.
But as a consequence, cyberattacks are rising – by 238% during the first half of 2020 alone, according to a report by Sopra Steria in partnership with Ipsos. Meanwhile, $56 billion in total losses resulted from identity fraud. And in 2021, financial institutions experienced 270 attacks on average – a 31% year-on-year increase. Meanwhile, according to Cybersecurity Ventures, global cybercrime costs are predicted to reach $8 trillion in 2023.
Finance is the second most impacted industry when it comes to cyberattacks. What’s more, many are successful. As per Sopra Steria’s research, one in four clients has faced a phishing attack, with one in seven harmful. Over half of those targeted are tech-savvy men, with 44% under 35 years old.
Despite those statistics, 79% believe digitization has contributed to making financial transactions safer, and 58% state their bank intervened effectively when they were victims of cybercrime.
Response of banks and customers
Indeed, banks are spending more money than ever protecting themselves and their customers against increasingly professional cyberattacks. By doing that, they acquire valuable technical and defensive knowledge.
But at the same time, some customers aren’t satisfied with their bank – nearly a third found their response ineffective, with some saying they did nothing at all. Consumers also have higher expectations, with the following seen as important:
- Stronger identification and authentication methods
- Stricter cybersecurity regulations
- Enhanced data protection
- Cyber risk scores to indicate security posture
- Best-in-class, uninterrupted customer experience
On top of that, people are highly attracted by potential big tech banking providers like Google, Apple, Facebook, Amazon, and Microsoft (GAFAM), increasing competition with (and among) incumbents.
Tackling the attack surface and regulations
As the financial arena becomes more digital, the attack surface widens. And when cybercrime occurs, banks are impacted in the following ways:
- Revenue loss
- Less competitive
- Business disruption
- Customer relationships suffer
- Reputational damage
Banks are also tackling new regulations. For example, European governments introduced the NIS2 Directive, the “first piece of EU-wide legislation on cybersecurity, aiming to achieve a high common level across the Member States.” Indeed, the penalty for non-compliance is 2% of a company’s global turnover or 10 million – whichever is greater.
Additionally, the Digital Operational Resilience (DORA) Act outlines uniform requirements for financial institutions around the “security of network and information systems supporting their business processes”.
To comply with relevant rules, deal with cyberattacks effectively, and ensure business disruption is minimized, 8-10% of banks’ global IT budget is dedicated to cybersecurity.
Cybersecurity and revenue creation
As a result, banks have a firm grasp of the cybersecurity landscape, and many customers view them as trusted partners. With that in mind, there are valuable opportunities to consider and capitalize on. For instance, as well as spending budget defensively and to ensure compliance, banks can leverage their position to offer cyber trust services that:
- Generate revenue
- Reduce costs
- Improve business outcomes
- Retain and attract customers
- Boost confidence
- Provide new and innovative services
Who should banks target?
When it comes to attracting new customers, focusing on small and medium enterprises (SMEs) is a meaningful proposition. Indeed, that group is already requesting more support, given 43% of cyberattacks target small businesses, 60% of data breach victims permanently close their doors within six months of an attack, and 80% of ransomware issues in 2021 impacted SMEs.
With that in mind, financial institutions can help SMEs by becoming proactive digital trust players – a new market approach. Achieving that involves partnering with tech-forward, credible third parties to offer SMEs bespoke cybersecurity services that:
- Prevent through evaluating risk and compliance, technical audits, improved training and awareness, and working with chief information security officers.
- Protect devices, data, applications, connectivity, and identity, and encourage protection by design.
- Detect and respond via threat intelligence, vulnerability management, and command and control.
As part of that, banks and their carefully-chosen third-party partners should consider the context of the SME and how to best serve their needs – depending on whether they use the cloud, the Internet of Things, operational technology, or a combination. This holistic and scalable cybersecurity model is designed to provide lasting value, making cybersecurity a competitive advantage.
Collaborative approach to cybersecurity
Banks spend an incredible amount on cybersecurity, and as the attack surface increases, so does that figure. As a result, they acquire invaluable experience that they can use to help vulnerable customers defend themselves more effectively, and potentially prevent attacks from happening in the first place. However, successfully offering cybersecurity services involves leveraging an ecosystem of trusted external partners with the required technological prowess.
For more expert content on industry outlooks and innovation, subscribe to our newsletter or visit our Insights page.