One of the worst fears most people have about cyber security is the threat of their bank accounts getting raided. It's bad for customers but worse for banks who not only have to potentially cover such monetary losses but risk reputational damage.
These days, with organised cyber criminals running mass-scale hacking operations and selling and/or sharing information about institutional vulnerabilities investment banks may require more than their internal resources to fight back.
Furthermore, banks are increasingly migrating their operations from custom-built IT systems to flexible, cloud-based platforms. With data housed outside of the traditional confines of a private data centre, cloud security becomes a responsibility shared with service providers and internal security resources as well. To be clear, cloud security problems are solvable, assuming appropriate governance and organisational structures are in place.
But cyber security is a proactive issue, not just a reactive one.
A worldwide survey of more than 900 executives conducted by Accenture Strategy found that more than two-thirds of respondents believe the likelihood of a cyberattack to be "very" or "extremely" high (and a similar share sees a high likelihood of data or privacy breaches). But only nine percent run inward-directed attacks and intentional failures to test their systems on a regular basis. There is a significant disconnect between cyber-threat awareness and preparedness in most organisations.
The key to repairing that disconnect is to make sure that effective cyber security begins at the top with the board of directors and senior management. A 2015 study conducted by Accenture and Ponemon Group found that firms that displayed leadership in cyber security shared certain characteristics, including immediate reporting of security incidents to the CEO and board of directors, clear definition of responsibility and authority pertaining to security, and effective communication of security requirements to all employees.
Some players have begun exploring promising new technologies to identify and prevent cyber incursions. Following in the footsteps of retail banks that are using biometric authentication at automated teller machines in certain countries, some investment banks are piloting voice biometrics for added security and a better customer experience during telephone transactions. Others are exploring new authentication methods, such as social log-ins and risk- or content-based identification. Although still in very early stages, such services may soon represent a competitive advantage for firms with tech-savvy clients.
Investment banks can benefit from important features of new security technologies, including the ability to identify anomalies in network traffic, prioritise threats and provide advance warnings of possiblebreaches.
Sign up for CIO Asia eNewsletters.