Blog article
See all stories »

Cyber and finance: Why bank CTOs need to get going

The past few years have seen banks playing catch up to the technological disruption which has unfolded across all industries. While the fintech sector is booming, many larger banks are still lacking the agility to respond to the fast-paced adoption of IoT, mobile and cloud technologies. Some see this as the end of traditional banking. The Telegraph’s Jeremy Warner recently warned that “technology promises far more damage to traditional banking than both the financial crisis and the regulatory constraints subsequently imposed put together.

The end of banking?

The fact is that there remains a large gap between what technology is capable of doing and what banks are able to deliver. Fintech start-ups are delivering the banking experience that both consumers and companies want. Meanwhile, traditional banks still struggle to deliver relatively simple services online. Appointments with retail bank managers, for example, still need to booked in-branch or over the phone.

However, we think that proclamations of the end of traditional banking are premature - there remain big opportunities for banks and this is the year for them to take action. CTOs are ready and looking to innovate and create new models to compete. Crucially, however, this needs to be done with security in mind.

The past year has seen a number of high profile breaches and cyber-attacks. HSBC for example, was recently hit by a distributed denial of service (DDoS) attack, which resulted in services being interrupted for most account holders. Similarly, RBS customers were locked out of their online bank accounts for nearly an hour last July due to a cyber-attack. This type of occurrence is hugely damaging for banks. They simply can’t afford system failures where customers end up locked out of their accounts.

Responding to the threat

This type of attack has helped make IT and cyber security one of the top priorities in banks. It is now often classified as one of the top three ‘risks’ at the board and management level and financial institutions are responding by looking to hire more IT security specialists and develop specific strategies around this. IT spending for cyber security is also increasing.  The Bank of England for example, recently announced it was upping spend in order to mount better defences and improve cyber-security training for staff across the organisation.

However, it will take time for banks to get up to speed. Their overall systems are still very complex and isolated, and often there is poor internal communication and limited automation of key processes. IT security standards are not widely adopted, and with new technologies coming in, gaps are being created. Despite a number of banks working to address such challenges, some failures are due to a lack of discipline and transparency in their approach to IT rather than a technical vulnerability in itself.

Embracing change… in banks and beyond

For the situation to improve, it will require both progress within individual organisations, as well as industry-wide changes. Standards, best practices and collaboration are key to making this work.

A lot of institutions are still investing in teams who are building in house systems that tend to quickly fall behind the industry and technology advances. There is a real need for organisations to invest in education and to increase awareness around potential threats in order for this not to happen. To develop secure software, it is crucial for development teams to model potential threats to their applications and to implement mitigations to those threats. Security needs to be a priority at each step of the development lifecycle of a new product or service.  

Aside from cyber or IT security risks brought on by recent changes in the market, banking systems in general are in need of a review. Many failures are the result of giant, sophisticated banking IT systems that keep growing in complexity without transparency or best practice discipline in their documentation and management. The issue will only get worse as banks are faced with new changes triggered by digital transformation and industry regulation. Technology and software are taking over many processes, and bankers cannot ignore this. The challenge needs to be addressed at all levels if banks are going to have a chance of competing with the disruptive fintech start-ups emerging with the promise of a genuine alternative to traditional banking and payments systems.  

A general push from regulators may be exactly what is needed to get bank CIOs and CTOs to play a more important role at the board level, but the responsibility isn’t theirs alone.

So, what are the recommendations for CTOs in finance? In order to drive innovation, they need to improve on their best practices and make IT security a part of all design and development processes, not an afterthought. Most importantly, they need to get going – it’s time to work on security as a priority, as well as to improve collaboration to prevent gaps and siloes emerging. This year is their chance to crack it!

 

5115

Comments: (0)