Across the Asia Pacific region, banks are relentlessly pushing digital boundaries. From Open Banking to new virtual banks to biometric-enabled transactions, the banking industry has never seen such intense competition and opportunity.
Unfortunately, the industry has also not seen such widespread misconceptions about cyber security.
Consider a new survey from Symantec and IDC of 120 banking customers in Asia, Hong Kong, India and Singapore. Some 83% of IT and cyber security executives consider their banks “far from agile.” However, only 43% of Line of Business (LoB) executives share this sentiment.
As cyber security lags behind the LoBs, they could face a massive crunch where they need to spend money they hadn’t anticipated to keep customer data secure.
This disconnect could have significant consequences as banks look to generate revenue from new data-sharing initiatives and from customers using emerging digital channels. As cyber security lags behind the LoBs, they could face a massive crunch where they need to spend money they hadn’t anticipated to keep customer data secure. Even more concerning, new banking systems – and thus the bank’s reputation – could be at risk because security was not built into the design of the systems.
This complex environment requires cyber security to embrace five key elements.
ALIGN: Understand the needs of the LoB, and align priorities across your organization.
Today, cyber security does not support the requirements for speed to market, availability and scalability. In part, this is because the business side does not include cyber security in their plans from the earliest stages. Banks must embrace a SecDevsOp approach, where security needs are a prime element in the integration of development, production and operations. Currently, though, only 26% of APAC banks do.
Forward-looking banks are using Chief Digital Officers (CDOs) – a title that was uncommon just 12 months ago. Security and IT teams are reporting jointly to CDOs, working together to move the business forward in a secure way. IT and security at these banks are presenting jointly at board meetings, allowing them to interact in synchrony with the business side without creating a huge amount of overhead. The new mantra of every cyber security group should be understanding and alignment.
HOLISTIC: Build a holistic data strategy as a foundation to achieve business priorities.
A holistic strategy requires having deeper conversations about how technology will interact with the customer and the business, rather than just focusing on how to secure specific applications. However, less than one-third of banks in our survey had a holistic approach to ensuring enterprise-wide cyber security awareness.
These banks risk falling behind innovative competitors. For example, some banks are building startup-like organizations for digital initiatives, rather than attempting to transform their traditional brick-and-mortar operations. In that way, the digital startup acts as a security test bed. New digital processes can be vetted, and the best ones retained, before they interact with core legacy systems. If the startup fails, the existing brand is more protected.
PLUG GAPS: Close technology gaps to accelerate digital transformation and gain speed to market.
Banks want software applications and interfaces into their customers to generate revenue more quickly. However, the Symantec/IDC survey indicated only 6% of banks are ready to embrace the cloud – a fundamental tool in achieving speed-to-market.
Understandably, cyber security teams are concerned about the stringent data-security regulations in the different countries in which they operate. However, their resistance comes at a time when the LOBs across the Asia Pacific region are lobbying for more regulatory freedom for the benefit of customers. IT and security must close these gaps if they don’t want to risk being left behind.
SECURITY FIRST: Incorporate cyber security into new initiatives and opportunities like Open Banking that extend beyond today.
Cyber security teams cannot focus on simply securing data, but need to understand what the LoBs intend to do with that data. For example, in Australia, the four big banks are being required to make banking data available to consumers, fundamentally changing the nature of financial services.
By the end of 2020, Open Banking will enable banks to create new products and services with their growing network of trusted third partners. As such opportunities bring new rewards and new risks, security must become a fundamental principle from the get-go of any initiative.
OPPORTUNITY: Show that importance of cyber security is not only for IT but across the organization.
Gaining and maintaining customer trust is central to Open Banking success. However, Open Banking is only one of the many fronts that are changing the nature of cyber security in the banking industry. Europe’s Global Data Protection Regulation (GDPR) has raised the standards for proper data management and data security.
Despite the growing emphasis around data security, only 31% of banks make the entire enterprise aware of the true nature of risks they are taking in the digital world. Banks need to appreciate that cyber security is core to their industry reputation and brand value during this transformation period.
It’s an exciting journey, but a challenging one. However, you don’t need to go alone. Contact Symantec to find out how we can help with your cloud and digital transformation journey.
Download the full IDC/ Symantec Research Findings HERE