Select Page

The Risk of Banking

Andreas Wuchner

I just came off a big Zoom call with traditional bankers where they discussed changes in client behaviors, and the impact which new technologies bring, that fundamentally challenge today’s traditional European banking models.

At the end of 2019, Boston Consulting Group published a whitepaper called “The Race for Relevance and Scale” in which they analyzed how much digital technology is used in the different regions. They concluded digital transformation is already in full swing. At the end of 2019 in fact only 12% of all banking transactions were executed within branch offices with local banking employees.

REBEX Survey

A big majority of the participants however talked about the rising risks of electronic banking and pointed specifically to cyber risks. While COVID-19 has accelerated the shift towards digital channels in 2020, it has also brought significant changes to overall customer behaviour. But have cyber risks really changed?

Research shows that the general channel usage during COVID-19 has changed. More than 18% of customers for example have increased their usage of mobile banking apps. The attack surface and the amount of people who can fall victim to a banking application cyber-attack though has also increased. Nevertheless, 87% of all customers surveyed place the same trust in their bank as they did before the crisis, independent of the channel they use.

These users want to be in control of their data and are willing to let companies use their data only if they receive clear value in return.

Why do people believe that cyber risks have grown exponentially over the last 10 years? If we look at typical cyber risks around web- or cloud-based applications, we often see certain clusters of risks. Customer data exfiltration and/or manipulation, financial resources theft and system and resource availability are good examples. These clusters however have not changed much lately and despite evolutionary changes in technology, these risks have fundamentally stayed the same.

Technology has certainly evolved with lightning speed. Mobile devices and applications have drastically reshaped the way we do business. More change is on the horizon as voice recognition, virtual and augmented reality, and artificial intelligence create new customer interfaces and business platforms. Such technologies and platforms will be key enablers for new services and will definitely intensify the digital transformation and the competition between product and service providers. Is new technology driving the increased sense of risk?

Customer preferences have also changed over time. More than 21% of banking customers plan to limit or completely stop using branches for their banking activities. Younger consumers at the same time are fueling the Sharing Economy (think AirBnb and Uber), marked by changing views in buying and owning (or not). This has significantly impacted traditional banking products like loans. Have these changes triggered the feeling of increased cyber risk?

I believe all of these trends are responsible for the feeling of increased cyber risk. They all share one common theme: TRUST. Like any relationship, when trust erodes, it signifies the end of the partnership.

The pandemic has also created changes in customer expectations and digital adoption. On average 8% of survey recipients in Switzerland enrolled in 2020 in online banking on top of the 78% who were already enrolled. These digital users cited two reasons for their move to online banking: they wanted to own their digital identities and manage the use and monetization of their data. These users want to be in control of their data and are willing to let companies use their data only if they receive clear value in return. Is Loss of Control driving the feeling of increased cyber risk?

What is the right answer? I believe all of these trends are responsible for the feeling of increased cyber risk. They all share one common theme: TRUST. We place greater trust in companies’ purpose and values. We trust our banking partners to keep our data and information safe in rest and in motion. We trust them to understand our context and monitor the content so that they always act in our best interest and to our benefit.  We trust our money will be safe and available, independent of the medium we use. Like any relationship, when trust erodes, it signifies the end of the partnership. What are you as a banker doing to keep the precious trust of your customers?

RELATED POSTS

Stagehand: S1 Episode 8

Stagehand: S1 Episode 8

Carl Timmons was given 24 hours to decide what he wanted to do. This was a tactic. Twenty four hours to sit alone and think about all the money he could want and the price he’d pay for it. And 24 hours to also contemplate what Andre Savin might do to him before...

Stagehand: S1 Episode 7

Stagehand: S1 Episode 7

Andre Savin and Lincoln Palmer had met on several occasions and had the type of relationship you’d expect between two men of their standings on the billionaire scale. Contemptuous but also understanding. They were both driven by the same desire—access to...

Stagehand: S1 Episode 6

Stagehand: S1 Episode 6

Belfast, New York - 1889 They called him The Boston Strong Boy—arguably the first real boxing star and one of the highest paid athletes of his time.  He’d always been good at school. He attended Boston College where his parents thought he might pursue...

What Is Zero Trust Anyway?

What Is Zero Trust Anyway?

About three minutes into planning this post, I had one of those “god, I am old” moments. Here is why I had the moment. I have worked in cybersecurity since 1994. My first job was at a big 3 working for the U.S. government through one of the world’s...

Stagehand: S1 Episode 5

Stagehand: S1 Episode 5

Kuwait, 1990 I’m launched out of a submarine a few miles off the coast of Kuwait City. When I swim to shore, I quickly change into my dry land clothes—a full burka. I was a six-foot-one Marine posing as a good Muslim woman. The catch, beneath the modest...

Ransomware: When Policy Matters Most

Ransomware: When Policy Matters Most

Most CISOs divide their approach to cyber defense into three pillars: people, technology, and processes. These pillars define a cybersecurity program’s defensive architecture and arsenal, available assets, and policies and procedures that together inform...

Selling to a CISO? Practice Empathy, Not Salesmanship

Selling to a CISO? Practice Empathy, Not Salesmanship

The cyber security marketplace is hot. Ask any candidate for a cybersecurity role. Better yet, ask any supplier to CISOs. The supplier audience is especially vast, and it’s continuing to grow. Just three years ago, there were estimated to be less than 2,000...

The Risk of Measuring Risk

The Risk of Measuring Risk

Automated measuring of control effectiveness is a very good idea conceptually. When you can combine control gaps with relevant threat information, you get a very good picture about the actual technical cyber risks your business faces. If done correctly, it provides...

Stagehand: S1 Episode 4

Stagehand: S1 Episode 4

Keith and I left the scene like we found it: the two kidnappers dead on the floor, their shotgun up against the wall, and the rope used to tie up Carl Timmons sprawled out on the floor. We tipped off local law enforcement and were gone before they arrived, leaving no...

SecOps Needs More Democratization, Not Less SOC

SecOps Needs More Democratization, Not Less SOC

An increasing complexity of technologies, as well as an increasing number of failures and attacks followed by an increasing dependency on business goals is changing the way we run Security Operations Centers. I previously discussed the concept of a Fusion Center as an...

Measuring a Cyber Awareness Culture

Measuring a Cyber Awareness Culture

Until recently, cyber awareness metrics have been treated by many as a tick-box exercise driven by regulations. The regulator requires x number of hours of cyber awareness training per employee per year, and once that is done, the organisation ticks a box and waits...

Good Enough Isn’t Good Enough Anymore

Good Enough Isn’t Good Enough Anymore

The cyber risks we face today are more than we faced previously but also fundamentally different in several respects. Our adversaries are more adept and their tools and tactics more protean in capability.  In light of these increasing challenges, our cyber defenses...

Stagehand: S1 Episode 3

Stagehand: S1 Episode 3

Cyprus ~ 2006 Ali Hassan was a low-level operative in Hezbollah, but we had it on solid authority that he knew where three high-level leaders of the terrorist organization were hiding. Keith arrived fifty-seven hours into Hassan’s interrogation and by the looks of it,...

Mitre Disrupting Advanced Persistent Threats
Share This