By Connie Leung, Senior Director, Financial Services Business Lead – Asia, Microsoft.
The financial services industry has one of the most stringent operating and regulatory requirements. This is unsurprising as financial services companies, by the very nature of their business, hold vast amounts of highly sensitive and valuable information. And the flow of data through financial services companies will only grow as they expand their digital services and customers increasingly rely on digital platforms to transact.
While financial service companies are usually keenly aware of the grave importance of safeguarding their customers’ data, and have a greater level of cybersecurity preparedness compared to organizations in other verticals, more than half (56%) of the organizations have either experienced a security incident (27%) or are not sure if they have had a security incident as they have not checked (29%), according to a Frost & Sullivan study.
(Click here to read more about this study: “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World”)
With a trove of sensitive personal data as well as intellectual property, companies in this sector are prime targets for hackers looking to steal and sell that data in the underground economy. When such information is compromised, the consequences from the loss of trust are significant and far-reaching.
The True of Cost of Cyberattacks for Financial Services Companies
Based on the study, a large financial services company incurs an average of US$7.9 million of direct and indirect economic losses from a security incident. Of this, US$1.8 million comes from direct losses, such as customer disruption, remediation cost, fines from regulators and productivity loss.
However, the damage of a cyberattack can extend well beyond the obvious direct cost. The indirect losses that result from the attack can be even more damaging in the long term.
After a cybersecurity incident, the company’s share price can drop by 6% and they may incur US$6.1 million losses due to customer churn. In Asia Pacific’s hyper-competitive financial services landscape, if customers lose trust in the company’s ability to keep their private information safe, they can very easily move their transactions, investments and savings to another more trustworthy option.
Besides the economic cost that cyberattacks bring, what can be equally devastating for financial services companies is the loss of opportunities. According to a recent IDC study, digital transformation can improve financial services companies’ profit margins, productivity, customer advocacy and customer acquisition rates by 29% to 32% by 2020. However, as cyberattacks grow in number and sophistication, the fear of cyberattacks has slowed down the digital transformation progress in more than three out of five (63%) financial services firms.
Cybersecurity at the Heart of Financial Services Companies’ Digital Transformation Journey
In today’s business landscape, digital technologies play an integral role in transforming customer experience, creating new business models and ensuring cost-effective regulatory compliance for financial services companies. The success and competitiveness of these firms depend on digital transformation, and they really cannot afford to delay it.
To ensure financial services companies are able to safeguard their digital assets and continue to innovate, there are three recommendations that they can consider when embarking on their digital transformation journey:
- Position cybersecurity as a digital transformation enabler: In Asia Pacific, the majority of business and IT leaders (40%) in the financial industry still see their cybersecurity strategy as merely a means to safeguard their organizations against cyberattacks while only one out of four (25%) views it as a business advantage and an enabler for digital transformation.Evidently, the first thing that has to change is their cybersecurity approach. It can no longer be a tactical, supporting player to be brought on to guard the flanks of a larger transformation effort. It must be a strategic component, baked into the design of the company’s digital transformation plan. This approach will not only keep the company safe through its transformation journey but also allay boardroom concerns about the impact of security breaches on shareholder value, revenue and compliance;
- Incorporate cybersecurity at the design phase: For the majority of financial services companies in the region, cybersecurity is still an afterthought that only kicks in after their digital transformation project starts. However, as these organizations continue to rapidly grow their digital touchpoints, a “bolt-on” approach to security is simply too little, too late.Additionally, in this 24/7 digital economy, financial services companies face mounting customer demands that are pushing them to release new digital services and their updates on a near-continuous basis. This competitive environment makes it easy for them to succumb to time pressure, resulting in digital services being rolled out of the door before adequate security measures are in place. This is why cybersecurity strategies need to be factored in before a digital project starts, and be incorporated in every stage of the project lifecycle – from design to deployment to operation;
- Leverage AI and automation to increase capabilities and capacity: Like firms in other sectors, financial services companies must deal with the growing complexity in their systems. One way is to use artificial intelligence (AI) to manage and automate some tasks that are difficult or even humanly impossible to complete. The good news is that four in five (81%) financial services companies in the region have either adopted or are considering an AI-based approach to complement their cybersecurity strategy.Today, AI has been used to fight against fraud by analyzing patterns on millions of transactions on a network. This will continue with more computing power and sophisticated machine learning. In the same way, AI will help identify patterns in cyberattacks and detect loopholes that human operators may not detect because of the complex networks in place. It will detect persistent threats or attempts to exfiltrate data in a manner not possible in the past.
In today’s digital age, trust is the new currency. For financial services companies to maintain their competitive advantage, every digital platform and products they introduce need to be secure by design. After all, if data is lost, so is trust. And the loss of trust does not only jeopardize their digital transformation journey, it puts their future in the digital economy at risk.