When a person sends money to anyone by keying in his personal details and passwords on any digital finance application on his smartphone, he believes that all his details are secure and the transaction is trustworthy. If he or anyone who accesses digital applications has any doubt about the possibility of leak of his personal information to any third party, he would never do that.
Any breach of trust can impede the business model of any digital company, and it may have to shut down finally. So digital trust is the utmost important element for any financial technology company, and their overall business depends on it.
Since the assets have become less tangible and more distributed, they have become more prone to cyber attacks. Keeping the data and personal information of clients safe and secure have emerged one of the biggest challenges for any digital finance company.
From individual hackers to organized group of people or sometimes government-sponsored attack from one country to another country’s financial institutions have raised cause for concern for even the most advanced and sophisticated digital cyber security provider in the world.
So the million-dollar question is, how can a FinTech attain digital trust when the threat of cyber attack looms large on it every moment?
The latest report by Accenture titled ‘The State of Cybersecurity and Digital 2016′ answers this question.
It says, “Organisations should focus not on technology state-of-the-art, but instead on state-of-the-art cyber security as an organizational mindset—one that continually evolves and adapts to counter changing threats.”
According to the report, attainment of digital trust requires a leadership-driven cyber security culture throughout the enterprise and holistic security approach that results in shared “digital trust” and greater value for all stakeholders.
The report suggests five key areas – (a) talent, (b) technology (detection and response), (c) organizational parity, (d) budgets and funding, and (c) management – which can strengthen a company’s resistance to any individual or organized cyber attack and make it a successful digital enterprise in the trust-based economy.
To learn how cyber security threats are perceived and dealt with in digital companies, HfS Research and Accenture surveyed 208 enterprise security professionals across a range of geographies and vertical industry sectors.
The purpose of this study was to understand the state of cyber safety and the steps the enterprise should take to foster digital trust throughout the extended enterprise.
The report found that FinTechs are investing in first technology defense like firewalls and behavioral analytical tool however these companies don’t have skilled security professionals who can take the full benefits of the existing security technology.
Data theft of corporate information by either insiders or outsiders, hiring security talent and training, employing the most sophisticated and up-to-date technology such as artificial intelligence, data anonymization, behavioral tracking, automation etc, difference in security maturity in different enterprises and lack of adequate budget or funding were some of the important aspects of the report.
Hiring security talent and their training a real challenge
The preparedness to thwart any cyber attack remains the first challenge in a majority of FinTech companies due to lack of any budget allocation to either hire people who have expertise in cyber security or train the existing employees engaged in company’s security.
42% respondents in the Accenture survey says that businesses spend money to buy security technology but hiring safety experts and training is not their priority.
76% respondents feel the need for improvement in their ability to have cyber security audit while 24% say they are well-prepared with state-of-the-art technology for any contingency.
Cyber-security experts believe that companies should not only increase the number of cybersecurity professionals to the best possible level and they should undergo a regular training with the latest in the cyber security system.
New technology can mitigate cyber threat
The majority of FinTech companies are dependent on old technologies such as firewalls and encryption to fight against cyber attack, however, cyber experts believe that these measures are not enough now as the cyber threat has evolved much more sophisticated than what it used to be earlier.
FinTech companies should spend on new skills such as Cognitive/Artificial Intelligence, data anonymization, behavioural tracking, and automation which will help prevent any cyber threat.
The cyber security wing in any company should be allowed and encouraged to innovate as well as test the new technologies so that they can keep pace with the latest in the cyber attack.
Cybersecurity readiness is different in different departments/companies
The preparation and concern for cyber security vary from one unit to another in an enterprise. For instance, the Accenture survey finds that information and technology teams in a company are rated among the most secure in comparison with sales teams which is supposed to be the least secure.
This difference in preparedness among companies which are part of the same eco-system carries a threat of data and information breach. A Fintech company might have made all cyber security arrangements, but its allied partner might not have the same level of readiness, and the latter can become a source of the security breach for others.
The Accenture survey reveals that between 35 percent and 57 percent of enterprises vet ecosystem partners for cyber-integrity and preparedness, with BPO partners being the least vetted and credit partners being the most vetted.
Experts believe that executive management and cyber security professionals in a company should work in harmony to understand if there is any gap in the security arrangements.
Cyber security is not a funding priority
Despite companies acknowledging cyber security as the major threat to their business, 70% of respondents in the survey accepts the major reason for a lack of cyber security is inadequate to fund allocation for buy latest technology and hire right kind of talent.
There are a very few FinTech companies which have adopted a holistic approach to allocating adequate fund and then ensure it goes for that purpose. Experts suggest that companies shouldn’t treat cost to be spent on cyber security as the overhead burden.
Since a majority of data or information breach is caused by a ‘corporate insider’, companies need to put in place physical security measures along with the digital one. A mechanism to keep a check on unauthorised access to data needs to be put in place which can help keep corporate insiders away to access crucial information.
At the same time, it’s equally important for companies to quickly identify data leakage so that timely action can be initiated. All these things are only possible when the company is willing to spend a substantial chunk of the fund on cyber security.
Management should assume a visible, vocal role
Executive managements’ role in addressing security related issues in any company shows its focus for digital trust. 54% companies in small and medium enterprises category say that their management believes cybersecurity is an enabler of digital trust for consumers.
At the same time, a substantial percentage of managements’ view in large enterprises doesn’t support too much emphasis on cyber security as they believe it’s unnecessary.
Experts believe that the positioning and reporting structure in companies play the key role in creating a culture of cyber security. If a company doesn’t have a chief risk officer or its cybersecurity professionals don’t directly report to the top management or COO, such companies don’t realise how essential digital trust is for the success of their businesses.
The report suggests that executive management should assume a visible, vocal, and engaged position on cyber security, fostering a culture that values and leverages enterprise-wide digital trust.