Most Financial Firms Are Underprepared For Cyber Security Risks and Fintech could be a big winner
The fragility of the world’s Internet ecosystem was exposed earlier this week when an outage at Amazon Web Services rippled across the World Wide Web, disrupting everything from question-and-answer site Quora, to bill splitting app Splitwise and the outage even reportedly disrupted IoT connected home devices such as Nest Thermostat and Amazon Echo. Even the US Securities and Exchange Commission was impacted with loading times increasing by up to 1165%. The infrastructure collapse was so bad even Amazon couldn’t update its own AWS status dashboard.
Initially thought to be a large-scale hack attack, it has since emerged that the outage was nothing more than a fat finger error. Amazon released a press release yesterday stating one of its employees was debugging an issue with the billing system and accidentally took more servers offline than intended. This error started a domino effect that spread across the entire ecosystem.
While AWS’s collapse wasn’t brought about by malicious intent, it has reignited the debate around cloud connected device security and the world’s increasing dependence on cloud infrastructure.
Most companies just aren’t prepared to deal with the growing cyber security threats posed to their businesses.
Most Financial Firms Are Underprepared For Cyber Security Risks
Cyberattacks increased by 50% in the second quarter of 2016 compared to the second quarter of 2015, and the number of cyber attacks against financial institutions is estimated to be four times greater than against companies in other industries. A study in the first quarter of 2016 found that there had been a 40% increase in cyber attacks targeting financial institutions.
According to Deloitte’s 10th annual global risk management survey, while cyber security is at the top of most risk managers’ agendas, roughly half of the survey’s respondents were either extremely or very concerned about several issues related to IT systems, including legacy systems and antiquated architecture or end-of-life systems. 51% of respondents cited this as being their core concern while 49% were extremely or very concerned about the inability to respond to time sensitive and ad hoc requests. A lack of flexibility to extend existing IT systems and a lack of integration among systems, are two other areas of concern.
The Deloitte effort surveyed 77 financial institutions, representing a range of financial sectors, with aggregate assets of $13.6 trillion so the results here are more reliable than most.
Along with creaking IT infrastructure, respondents also indicate that while institutions are extremely or very effective in managing traditional risks like liquidity, investment risk and underwriting, 42% of respondents believe that firms are less effective in areas like cyber security and data integrity.
The root cause of this issue may be the fact that cyber security talent is difficult to attract and retain. Since cybersecurity is a growing concern across all industries, the competition is especially intense for professionals with expertise in this area. 58% of the respondents to Deloitte’s effort said hiring and acquiring skilled cyber security talent is a challenge for their business. 57% said getting actionable, near real-time threat intelligence is another challenge.
Despite the size of the cyber security issue facing businesses, only 61% of the respondents noted their organizations have a single individual responsible for cyber security. 100% of the institutions in the US and Canada reported having an individual in this role but in Europe only 62% of respondents said their firm has a similar position in place.
Considering these responses, it’s no surprise then that only 32% of respondents considered their institution to be extremely or very effective in managing cybersecurity risk, and only 27% rated their institution this highly when it came to managing cybersecurity risk in its third-party relationships.
The report notes that all the problems mentioned above could help the Fintech industry, stating:
Given the level of concern about these system-related issues, it appears that there is an opportunity for fintech solutions.
When it comes to the business environment, the more widespread emergence of fintech firms has substantially raised the level of strategic risk. These start-ups are threatening to disrupt financial sectors and services such as lending, payments, wealth management, and property and casualty products.
Financial institutions are facing a fiercer battle for talent. The implementation of new and more stringent regulatory requirements has increased the demand for professionals that possess both risk management skills and experience in the financial industry.
The expansion of regulatory requirements over the last several years has led compliance costs to skyrocket, and financial institutions are looking to rationalize their processes and use technology applications to create greater efficiencies.
Viewed in combination, these trends mean that effective risk management is becoming increasingly important. In the current uncertain regulatory and business environment, financial institutions should consider taking their risk management programs in new directions and to a new level to meet the new challenges that lie ahead. At the same time, they will want to develop efficient business processes. This will be especially important as pressures build to restrain risk management spending in a low-growth and low-interest-rate environment. Most important, they will require agile processes and nimble risk information technology systems that will allow them to respond flexibly to potential changes in the direction of regulatory expectations or from disruption caused by fintech players.
Already there have been some inroads, the report states:
Strategic risk is increasing as entrepreneurial fintech players are competing with traditional firms in many sectors.
Another source of strategic risk is the more widespread emergence of fintech start-ups, which leverage technology capabilities to compete withtraditional banks, investment management firms, and insurers in such areas as loans, payment products, wealth management, and property and casualty insurance. Although still a small segment of the market, fintech firms are expanding at a rapid clip. The investment in fintech has grown from $1.8 billion in 2010 to $19 billion in 2015, and in 2015, Goldman Sachs estimated the market to be worth $4.7 trillion.28 Fintech firms have been able to innovate at a faster pace than traditional institutions, for example, creating loan origination platforms that pull information directly from customer tax records and other financial providers, resulting in a faster, cheaper, less burdensome, and yet more accurate process.
“Ultimately, I think fintech will merge with the banking industry. That could be both beneficial and detrimental to existing players. I think there’s an emerging realization that fintech will bring an awful lot of competition to the banking industry.”
—— Chief risk officer, large financial services company