There’s a saying about trust that is always useful to remember: Trust takes years to build, seconds to break, and forever to repair.
In our latest research study, “The Currency of Trust, why Bankers and Insurers Must Make Customer Data Safer and More Secure”, we found that consumers trust their banks and insurers innately with their data. However, once this trust is broken, they act quickly and decisively. Three quarters of consumers (74%) would switch financial institutions in the event of a data breach.
To ensure that trust with customers is not broken beyond repair, banks and insurers must address a range of issues:
- The rising threat of cyber-crime and the increasing sophistication of those behind the attacks
- The need for compliance in an era of heavy regulatory scrutiny around data protection
- The need to drive digital innovation in the business while maintaining security for end customers.
Because these different issues have separate objectives, and operate at different paces, a single-speed approach will not suffice. Organizations need a more flexible, multi-speed cyber-security approach that manages risk while also ensuring the organization can accelerate when it needs to seize a digital opportunity. Imagine the cyber-security approach as a fleet of planes, where different planes meet the demands of different cyber-security priorities, while providing an integrated whole.
The long-haul A380s. This is the part of your cyber-security operating model that fixes the basics and secures the foundations. This involves:
- Industrializing core cyber-security infrastructure protection and detection services. Innovations, such as Artificial Intelligence and advanced analytics, strengthen detection and response to cyber-attacks.
- Rationalizing compliance requirements as part of a unified controls framework, responding to the demands and deadlines of regulatory and industry requirements: GDPR, Swift security, Critical National Infrastructure, European Central Bank requirements, and so on. Rationalizing all these requirements and tackling them as one single compliance program will help save time and lower costs of compliance.
The private jets. The opportunity of digital transformation also brings with it new risks. For example, with the advent of PSD2, you may need to open up your platforms to other market players through micro-services and APIs, facilitated by DevOps, Cloud and other technology enablers. Here, you integrate cyber-security and data privacy into the design of these projects, ensuring security and privacy are part of the flight-path.
At the same time, you address customers' need for a streamlined and secure user experience. Enablers such as strong authentication leveraging non-intrusive biometrics help enhance the user experience while providing added security to bank accounts and critical financial transactions.
The turbo-prop. Here, for example, an organization may want to launch an innovative cyber-security product as part of a new customer experience in a cost-effective and timely manner, leveraging Artificial Intelligence, Big Data and other digital enablers. The turbo-prop gets you to your destination with the minimum of fuss and by the most direct route. It allows you to reduce costs and compress timelines through an agile approach, partnering with start-ups on a set scope, which is scalable over time. This lean start-up mode allows you to tackle cyber-security innovation projects that require POCs with a short life-cycle and go-to-market timelines.
And, of course, a fleet requires radar. You need part of your operating model not only to keep a watching brief on the threats you face today, but also to ensure you stay one step ahead of cybercrime by anticipating and monitoring emerging threats.
The fleet acts as an integrated, dynamic whole, boosting the cyber-security resilience of heavy-duty infrastructure, helping meet compliance requirements, and ensuring organizations can seize the rewards of fast-moving digital innovation while managing risk. CIOs and information security leaders can make sure they allocate the right mode of cyber-security protection to meet the differing needs of the business and its stakeholders. In this way, the trust that customers place in banks to safeguard their data will not only be earned, but also remain unbroken.