Protecting Banks Against New-Age Cyberthreats in 2023

RAJASHEKARA V. MAIYA, RAVI VENKATARATNA, THEO ALBERS

Digital technology and data are all-pervasive in modern banking operations. However, while they are elevating efficiency and experience, they are also increasing security risks. Not surprisingly, nearly three-fourths of banking industry Chief Risk Officers rate cybersecurity risk among their top risk priorities for this year.

By 2025, the global datasphere is expected to touch 175 zettabytes of data, with a large chunk possibly coming from the financial sector. Banks must deal with enormous quantities of sensitive data, increasing their exposure to identity or data theft and credit card fraud. According to a recent global study on digital banking, 73 percent of consumers now use a mobile app for their banking needs, representing a notable rise of 12 percent within the past two years. An S&P Global Ratings report found that banks are attractive targets for cyberattacks because of the volume of direct payments that they handle.

Unfortunately, even one successful attack could impact the entire financial system. The shortage of cyber-skilled workers and competition with the IT sector further heighten concerns. Overall, the Australian banking system has been able to limit its risk thanks to the early steps taken towards strengthening cyber risk management, industry collaboration, and strong capitalization.

However, this does not mitigate the severity or quantity of threats against Australian banks. For instance, one of the largest Australian banks saw 8 to 10 million attacks a month at one point during the pandemic. 

The security chiefs of Australia’s biggest banks agree that fending off cyberattacks is akin to a team sport. They have adopted a collaborative approach, leveraging their combined expertise and resources to combat the growing cyber threat landscape. They are also working closely with the Australian Government to ensure that Australia’s financial sector becomes one of the safest in the world by 2030.  

Based on our experience and observations, we believe three trends will drive banking cybersecurity in 2023 – holistic Digital Risk Protection (DRP), protection of sensitive data, and cyber resilience.

Protecting sensitive data while ensuring resilience 

In addition to promoting a culture of ‘Secure by Design’ and ‘Privacy by Design’, there is also a need to comply with cyber security regulations as part of a larger ESG commitment. 

Supply chain networks are believed to account for 17 percent of initial infection vectors for cyberattacks. Therefore, taking a holistic approach toward cybersecurity that includes customers and supply chain partners is key. Digital Risk Protection (DRP) services can prove to be effective since they comprise a threat intelligence database, intelligent algorithms, and multiple reconnaissance methods that can help detect, track, and analyze threats in real time. DRP solutions also use Indicators of Compromise (IoC) and Indicators of Attack (IoA) to analyze risk and flag potential attacks.

In addition to traditional approaches such as encryption, hashing, anonymization, pseudonymization, and digital signatures, data security options such as hardware security modules (HSM) and data tokenization can help improve security, trust, and business agility. HSMs are hardened, tamper-resistant hardware devices, while data tokenization replaces sensitive data or personally identifiable information (PII) with a non-sensitive ‘token’ to reduce the risk of compromise.

In addition to this, an effective cyber resilience approach is crucial. This includes security controls backed by robust governance, basic hygiene aspects, rapid response and recovery, corrective/preventive measures, collaboration with regulators, and a robust roadmap aligned with enterprise strategy. According to a WEF survey, 81 percent of global cyber leaders said digital transformation was the way to cyber resilience. 

APRA is also introducing CPS 230 (Cross-industry Prudential Standards), which will come into effect on 1st July 2025, to strengthen operational risk management in the banking, insurance and superannuation industries.

Increasing digitalization brings its own kinds of cybersecurity risks, not only for banks but for all enterprises. We believe the above three measures help mitigate these risks in a significant way for enterprises, supporting their inclusive efforts, and enabling the management of the risks, security, and resilience of their ecosystem.  

 

About The Authors

 

Rajashekara V. Maiya

Vice President and Global Head Business Consulting at Infosys Finacle

Rajashekara Maiya is responsible for Business Consulting at Finacle, which includes Pre-sale, Solution Architecture, Account Mining, and Digital offering. Previously he was responsible for charting the product strategy of Finacle, the flagship banking solution of Infosys. This role included responsibility for defining the detailed product roadmap, strategic acquisition and alliance partner identification and management, client engagement, and representation of the company with external stakeholders such as analysts and media. He was also responsible for the Cloud Business for Finacle, including charting its strategies for Cloud Hosting and working with Cloud Infrastructure providers. Further, he was responsible for ecosystem collaboration, bringing out point applications in the banking space, and Fintech engagements. Maiya has been quoted in publications such as Forbes, The Banker, Banking Technology and the Economic Times. He is also visiting faculty at many universities, and speaks regularly at SIBOS, Asian Banker, MEED and others. He is on the expert panel of the McKinsey Quarterly and a member of the XBRL Abstract Modelling Task Force (AMTF) Group. He is also the co-author of the book “SMACing the Bank”, which was released in November 2017.

Ravi Venkataratna

Senior Industry Principal Business Consulting Group – Infosys Finacle

Ravi Venkataratna has over 24 years of experience working primarily in the banking technology industry and has also worked with startups. He brings a techno-functional-commercial perspective, has helped build Infosys Finacle as a world-class banking platform, and has worked with global banks in adopting Finacle solutions in their technology modernization initiatives. In his current role, he leads a global team of Senior Solution and Enterprise Architects who work with several large and key client banks in their technology and digital transformation initiatives.

 

Theo Albers

AVP & Head of Business – ANZ, Infosys Finacle

Theo heads the business for Infosys Finacle for the Australia and New Zealand market, supported by a team comprising sales, business consulting, pre-sales, delivery and marketing. He comes with a strong technical background and ample experience in complex multi-stakeholder strategic delivery programs. From his many years of experience, Theo has good knowledge of banking software functional capabilities and the ability to design solution offerings and services that support customers' strategic objectives by applying technology to address real-world problems.