Written by: Ricardo Ferreira, EMEA Field CISO, Fortinet

Digital acceleration is impacting how we work, live, and consume services. In addition, the digital evolution of Financial Services Organizations (FSOs) raises essential questions about the future of banking. One looming concern is how FSOs will compete against fintechs, including addressing the need for innovation to improve customer experience.

Ricardo Ferreira, EMEA Field CISO at Fortinet

Adapt to changing times

The top three strategic areas outlined in the IDC Infobrief, sponsored by Fortinet, “Accelerating Transformation Through Cybersecurity in Financial Services,” highlight the core priorities for financial institutions: Trust, Security, and Resilience. So, the question is, how can FSOs lead and win through innovation while ensuring that risks do not overwhelm a traditionally risk-averse industry?

Many FSOs have begun adopting new digital business models to help them thrive in a digital-first economy. These include prioritizing investments in key areas such as data-driven security, legacy modernization, and personalized and contextual customer experiences. But for these business models to work, they will need to rely on data, analytics, and cloud platforms.

So, when we ask, “what does success look like for the future-ready bank?” we see three major themes:

• Automation and cost reduction: Automation, managed services, and cloud platforms will enable FSOs to innovate faster. Automation allows business units to integrate with the rest of the organization, build self-service, and reduce manual labor costs, such as adopting Robotic Process Automation and artificial intelligence-powered chatbots to deal with insurance claims. In investment banking, robot advisors use machine learning-powered algorithms to help retail investors make better decisions. Thanks to cloud platforms and managed services, these new products and services are economically feasible because they shift traditional CapEx to activities that create more value.
• Customer intelligence and centricity: New platforms provide data and analytics for anticipating customer needs and hyper-personalizing the customer journey. Customer data, such as investment patterns, can guide a robot advisor to recommend portfolio choices aligned to customer preference. Similarly, natural language processing can help an AI system quickly assess a customer’s issue to redirect them to the nearest branch or get the appropriate representative involved.
• New value propositions: Open banking was a massive change for banks, helping them realize the power of APIs. Building Banking as a Service (BaaS) has allowed them to develop new services and create stronger partnerships.

But what about the customer experience?

Who is not irked when reminded of their first troubled mobile banking experience, with terrible UX and lack of integration? It’s why, when some fintechs launched their online mobile banking, it was a beacon of light in a dark room. A real-world security example that everyone might remember was the usage of biometrics for accessing online mobile banking. Big brands took a long time to adopt it, and while it might seem trivial from a UX perspective, it’s leaps and bounds towards progress.

Today, traditional brands regularly launch products that emulate offerings from nimbler fintech organizations. The lesson is clear: to gain a competitive advantage, banks must focus on creating a fast, intuitive, and seamless customer experience.

Are clouds grey in banking?

These business models require the accelerated consumption of new platforms, such as cloud computing. Financial organizations must understand they can create differentiated value and increase competitiveness by using the cloud to increase their speed of innovation and accelerate the go-to-market of new services and products.

Cloud platforms also serve as a bridge to modernize financial organization workloads. CIOs want to migrate workloads cohesively while ensuring the capabilities from their on-prem solutions are still available. Major Cloud Service Providers (CSPs) have jumped at the opportunity to integrate their environments into the same control plane.

Yes, but isn’t that risky?

Regulators have flagged the concentration risk. For example, the Bank of England has highlighted it in their stability reports. The latest Financial Conduct Authority (FCA) PS21/3 rules address third-party risk and operational resilience. And the European Union has gone a big step beyond with its Digital Operational Resilience Act (DORA).

All these activities and proposals are designed to address these concerns. The European Systemic Risk Board has flagged cyber as a systemic risk to the European financial system due to the increase in cyberattacks—especially in the financial industry, which is 300 times more likely to be the target of cyberattacks. The International Monetary Fund (IMF) emphasizes that cyber events propagate risk through the entire financial system via three broad transmission channels: risk concentration, risk contagion, and erosion of confidence.

That is why cybersecurity is a priority as part of the EU’s “Europe fit for the digital decade” policy program. Programs such as EU-HYBNET, ACCORDION, and DORA for financial services ensure Europe works as a single entity by harmonizing requirements to increase resilience and protect citizens.

What can financial organizations do about it?

To start, security needs to be woven into transformation efforts to ensure that innovation and transformation are conducted securely. For this to work, security must be included from a project’s inception, not as a bolt-on after a project and its services are launched.

What about protecting financial assets?

55% of European financial organizations already use some form of zero-trust strategy for their authorization and authentication. Zero-trust shifts the traditional paradigm from the implicit trust for users and resources inside a static, network-based perimeter to an authentication model that focuses on users, assets, and resources. Zero-trust requires authentication and authorization to be performed every time access is granted to a specific resource.

How do we address the ‘weakest link’ problem?

While people are an organization’s most critical asset, they are also the primary source of data breaches and network compromise. Organizations must be prepared for a loss of control if their workforce is not educated on cyber awareness. Some large financial organizations have created partnerships with e-learning portals and vendors to provide tailored courses using nudges and financial instruments to reskill the workforce with new technologies. Similarly, financial organizations must plan to mitigate the rampant cybersecurity skills shortage, which will impact 90% of organizations by 2025, resulting in delays in the transformational journey.

What can we do?

Digital acceleration is essential for competing in today’s financial marketplace. However, it doesn’t come without risk. First, ensure employees are trained and reskilled in the organization’s technologies. Second, share data with industry peers to learn best practices and identify potential issues. Transaction Monitoring Netherlands (TMNL) is an excellent example of transaction data sharing to mitigate Anti-Money Laundering (AML).

Finally, work with vendors and partners committed to cross-vendor openness and integration. When vendors work together across the threat landscape, the sum of their products is greater than the individual parts, deepening your level of cyber protection.