The International Day of Banks 2024 which falls on December 4th highlights the indispensable role of trust in banking. However, as banking transitions from physical ledgers to digital platforms, the foundation of trust faces unprecedented challenges from cyber threats, data breaches, and phishing scams which threaten to erode customer confidence, making cyber security not just a technological necessity but a trust enabler.
Consider this: According to Check Point’s Threat Intelligence Report, banking and financial institutions in India experienced an average of 2,525 cyberattacks in the past six months, significantly higher than the global average of 1,674 attacks per organization. This places the financial sector among the most targeted industries in the country.
Recently, a ransomware attack on a technology service provider disrupted payment systems for nearly 300 smaller Indian local banks, causing a temporary shutdown. Banks nationwide are on heightened alert, with the Reserve Bank of India (RBI) warning of potential cyber threats. Financial institutions have been instructed to closely monitor critical systems like SWIFT, card networks, RTGS, NEFT, and UPI.
Over the past two decades, the financial sector has faced more than 20,000 cyberattacks, resulting in losses amounting to $20 billion, as highlighted in the RBI’s Financial Stability Report. Furthermore, reports suggest that 69% of reported cyberattacks targeted scheduled commercial banks (SCBs), followed by 19% affecting urban co-operative banks, and 12% involving non-banking financial companies (NBFCs).
Globally, high-profile incidents such as the December 2023 cyberattack at the Central Bank of Lesotho disrupted the national payment system, preventing transactions by domestic banks, highlight the devastating consequences of inadequate cyber security.
According to data from IMF (International Monetary Fund) and Advisen cyber loss data, in the last 20 years, the financial sector has lost $12 billion as a result of more than 20,000 cases of cyberattacks. The financial sector is often targeted by cyber criminals seeking to steal money or disrupt economic activity, especially due to the large amounts of monetary transactions and sensitive data each bank handles on a daily basis.
This brings into focus how essential cyber security would be to the banking industry as a whole. Robust cyber security frameworks serve as the invisible guardians of trust, ensuring that financial institutions can uphold their promises to customers in the digital age.
The Interplay of Trust and Technology
Trust and technology are inseparable in today’s banking ecosystem. While technology enables convenience through e-banking and mobile apps, it also opens avenues for sophisticated cyberattacks, such as phishing schemes and ransomware.
The collapse of this trust—caused by cyber breaches—leads to tangible losses, including:
- Financial Losses: Direct theft of funds or resources required for system recovery.
- Disruption of Critical Banking Services: Delays in e-payments and account access impact customers’ day-to-day lives, which could also cause spillovers to other institutions.
- Brand Erosion: Customer dissatisfaction and media coverage damage long-term reputation.
Such threats to the financial and economic stability due to erosion of confidence in the financial systems, could have further widespread consequences that could possibly go so far as to disrupt global finance operations by impeding the flow of credit between financial institutions.
Maintaining customer trust now hinges on a bank’s ability to safeguard sensitive information and ensure seamless, secure transactions
The Fight Against Cyberattacks on the Banking Industry
Governments globally have established regulations to fortify the cyber security framework within the banking sector, which has picked up pace in recent given that the financial sector is often perceived as a ‘critical infrastructure’ for each country.
For instance, in the United States where some of the largest banking cyberattacks have been seen in recent years, the Federal Financial Institutions Examination Council (FFIEC) provides a Cyber security Assessment Tool to help institutions identify risks and assess cyber security preparedness. Additionally, the Gramm-Leach-Bliley Act (GLBA) mandates financial institutions, that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data such as consumer information.
In Europe, the EU (European Union) all-powerful General Data Protection Regulation (GDPR) enforces strict data protection and privacy laws, requiring banks to implement robust cyber security measures to protect customer data.
Here in APAC, the Monetary Authority of Singapore (MAS) has issued the Technology Risk Management (TRM) Guidelines, sets out risk management principles and best practices to guide financial institutions to establish sound and robust technology risk governance, to help banks to manage technology and cyber risks effectively. Whilst over in Australia, the Australian Prudential Regulation Authority (APRA) introduced Prudential Standard CPS 234, which aims to reduce cyber risk and improve cyber security by requiring that APRA-regulated entities maintain an information security capability commensurate with their information security vulnerabilities and threats, and employ vendor risk management practices to reduce the likelihood and impact of incidents.
The Best Means to Preventing Cyberattacks
- Implement Zero-Trust Architecture: Assume all devices and users are untrusted by default.
- Leverage AI-Driven Threat Detection: AI can identify and neutralize anomalies in real time.
- Encrypt Sensitive Data: Secure data both in transit and at rest.
- Regular Security Audits: Frequent checks help identify and mitigate vulnerabilities.
- Secure Third-Party Integrations: Vet vendors and monitor supply chain vulnerabilities.
- Customer Education : Educating customers on best practices in cyber – from strong password policies to promoting MFAs and training customers to identify phishing attempts will go a long way in helping prevent such attacks. An informed customer is less likely to fall victim to fraud, reducing both individual and institutional risks.
Said Sundar Balasubramanian, Managing Director for India and SAARC at Check Point Software Technologies, “In the digital era, trust in banking is built not just on service quality but on the institution’s ability to secure its systems and data. Cyber security serves as the backbone of customer confidence, ensuring financial stability and operational resilience. As we celebrate the International Day of Banks, let us recognize that the trust customers place in banks is safeguarded by the quiet but powerful guardians of cyber security who advocate further investment in the lastest cyber security offerings and robust efforts at defending this critical sector.”
