The financial sector, in common with most other industries, is undergoing digital transformation. Widespread adoption of mobile and cloud platforms, along with developments in technologies such as AI, blockchain and quantum computing, provide financial service providers with the opportunity to improve their efficiencies, and the experience they offer their customers. At the same time, a greater exposure to digital technology can lead to a greater exposure to the risk of cyber attack.
The data they hold makes financial service providers particularly attractive to cyber criminals; a trend that shows no sign of stopping – the number of cyber incidents reported to the Financial Conduct Authority (FCA) in 2018 was up an incredible 1,000% on the previous year. It’s clear that a balance needs to be struck between the risk of attack and the business benefits offered by digital transformation.
To explore this, Nominet recently commissioned a survey of CISOs, CTOs and CIOs at financial service providers across the UK and US to gauge their thoughts on how concerns around cyber security informed their organization’s digital transformation strategy.
Concerns, considerations and perceptions
Nearly all the financial service companies we surveyed are currently engaged in a digital transformation program to some extent. Many were mindful of the potentially harmful impact this could have on their business however, with about half (48%) claiming that a threat to cyber security was the single biggest risk posed by its implementation.
Indeed, 38% said they were “very” or “extremely” concerned about the effect digital transformation could have on their organization’s cyber security. Exposure of customer data was cited as the top concern (64%), perhaps unsurprising given the prospect of eye-wateringly high penalties for GDPR non-compliance, not to mention the regular appearance of high-profile data breaches in the news. This was followed by concerns around the growing sophistication of cyber criminals (56%) and an increasing threat surface (53%).
By way of mitigation, just under a third (31%) of respondents had allocated up to a quarter of their digital transformation budget toward cyber security provisions. But, while this investment might appear encouraging, in many cases it may have been left too late.
Only around two in five admitted considered security while developing their digital transformation strategy, with one in five either leaving it to the pre-implementation or implementation stages. Worryingly, one in ten admitted to putting it off until their transformation was actually underway, and a handful confessed to giving cyber security no thought at all.
There appears to be a significant perception gap when it comes to the effectiveness of financial service providers’ security measures. Despite evidence to the contrary, the majority of respondents (87%) believed they had considered cyber security early enough in their digital transformation program so as not to be an issue. In truth, though, cyber defenses need to be considered from the outset if they’re to be fully effective.
Help is at hand
Concerns around timing aside, it’s encouraging to see organizations turning to third-parties for guidance on how to improve their security posture, with many seeking advice from a number of disparate sources including vendors, consultancies, analysts and outsourced cyber security providers. Indeed, collaborating with external partners as part of a digital transformation program will add greater value to an organization’s in-house teams. By augmenting their own capabilities, this approach will create an environment far more secure than could be achieved by an organization working on its own.
Developments in digital technology will continue to unlock business benefits; from greater efficiencies to improved service delivery. But these benefits depend on robust cyber security – particularly for organizations in the financial services sector. The industry is among the most popular targets for cyber criminals, and if customers don’t trust that their information (and their money) is safe, they’ll take their business elsewhere. What’s more, the introduction of increasingly stringent regulations such as GDPR mean ensuring a secure transformation is as much a legal matter as it is commercial or practical.
A thriving outsourcing market, and ongoing developments in security technologies mean financial service providers don’t need to go it alone. They do, however, need to act early. The risks are high, but so too are the rewards. It’s important therefore, to strike a balance. For any digital transformation strategy to succeed, security must be a consideration from the outset.