Anurag Kahol, CTO at Bitglass
While cybersecurity is now critically important in every business sector, this is particularly true in the financial services industry. Although financial institutions may vary wildly in terms of the services they offer, one thing they all have in common is the high volume of personally identifiable information (PII) that they collect from customers. This data includes home addresses, financial histories, bank details, and more. Unfortunately, the high value of this data makes it an extremely attractive target for cybercriminals, which is why financial services organisations must take significant steps to ensure it remains protected at all times. In reality, however, does the industry take its security responsibilities seriously enough? Or is it playing fast and loose with our sensitive information despite looming fines and sanctions?
A recent study by Bitglass set out to uncover the state of cybersecurity within the financial services industry. Scrutinising breaches from the past year revealed just how safe our data truly is. The study compiled data from the Identity Theft Resource Center (ITRC) and the Ponemon Institute. Each year, these organisations conduct studies that provide detailed information about data theft in US financial services organisations. Analysing their records in tandem allowed Bitglass to uncover a wide range of insights about the financial breaches that have occurred over the past twelve months. This article will look at some of the most significant findings from this study and assess the implications for customers everywhere.
Financial breaches are rare, but those that do occur can be devastating
In total, only 6.5 percent of all data breaches that occurred over the past 12 months were suffered by financial services organisations – but that doesn’t tell the whole story. That 6.5 percent of breaches accounted for a massive 61.7 percent of all leaked records. This shows that while financial services organisations don’t suffer breaches particularly often, when breaches do occur, they tend to be much larger and more detrimental than those experienced by companies in other industries.
Hacking and malware remain the biggest (but not the only) threat by far
As malware continues to evolve, it’s becoming increasingly difficult to detect and block. Consequently, the financial services industry must learn to defend against this ever-growing threat by deploying the right security tools.
Over the past 12 months, hacking and malware have remained the biggest causes of data breaches in the financial services sector by far. They are responsible for 75 percent of all incidents (up slightly from 73.5 percent in 2018). Additionally, insider threats grew from 2.9 percent in 2018 to 5.5 percent today, and accidental disclosures increased from 14.7 percent to 18.2 percent.
Unfortunately, for organisations that struggle with implementing proper security measures, rising cloud adoption will likely only exacerbate these threats. When proper security is not in place, cloud and mobile represent new attack vectors to threat actors.
Worryingly, some organisations are not learning their lessons
Maintaining proper visibility and control over data can be challenging – particularly when the appropriate cloud and mobile security solutions are not put in place. Global cloud adoption has reached 86 percent and bring your own device (BYOD) policies have found their way into 85 percent of organisations. Regardless, financial services organisations need to be more cognizant of how their data is being used. Unfortunately, some organisations are still not learning their lessons. Consequently, they are suffering from a worryingly high number of recurring breaches. Even highly-reputable banks can be found at the centre of unenviable, record-breaking breach statistics, like those that have suffered five separate breaches in the last ten years, or Capital One, which suffered four in the last seven years.
The cost of each breach is taking an increasingly large financial toll on those involved
The bad news for financial services organisations is that the cost per compromised record has been steadily increasing over the last few years, both for regular breaches as well as mega breaches (i.e. those affecting 100 million individuals or more). The 2019 cost per breached record for mega breaches is now much greater than that of average breaches, with figures standing at $388 and $210, respectively. Additionally, Ponemon notes that the cost per compromised record within financial services now exceeds that of all other industries with the exception of healthcare (which was $429). Technology came in third place at $183, while the public sector came in last at $78.
Whether it’s careless users, malicious insiders, evolving malware, advanced phishing schemes, or something else yet to be discovered, modern financial services organisations face an intimidatingly large number of threats. As guardians of some of the most sensitive customer data in any business world, it’s critical that they adopt a proactive approach to data protection and are properly equipped with the latest security technologies. Only then can they defend against the threat agents in the cyber world.
‘MOVE FAST BUT DON’T BREAK THINGS’ – WHY FINTECHS WILL COME TO LOVE REGULATION
Alex Johnson, Director of Portfolio Marketing, FICO
The guiding ethos of fintech is move fast and break things. It’s the fundamental advantage that disruptors have over the incumbents they’re disrupting — the ability to move quickly and make mistakes, learn from them and deliver innovative services to customers. Generally, this ethos is presented as a virtue. Banking is ‘broken’ so any investments in improving it are both notable and noble – even if there are bumps along the way.
Conversely, anything that stands in the way of this ‘march of progress’ is generally cast as a villain.
The most prominent villain for fintech companies is regulation. From their perspective, it’s a competitive moat, based on rules written for a different century, that protects banks’ ability to make money without needing to innovate and offer more or improved services to their customers.
So, it’s easy to see why a fintech company — believing fully in the virtue of its mission and faced with a litany of illogical and intractable regulations — might just say ‘we’re doing it anyway.’ That’s what Robinhood co-founder Baiju Bhatt reportedly did when his company tried to roll out a checking and savings product that it claimed was insured without confirming that with regulators first.
The problem is that while we may mythologise the ‘move fast and break things’ ethos in the abstract, consumers don’t love it when their stuff breaks in the real world.
And when fintechs and challenger banks aren’t constrained by regulation (as they mostly are in the U.S and Europe) the harm caused by this ‘move fast and break things’ approach can be much more severe than a service outage or a false claim of deposit insurance.
Stories from overseas
In China, online P2P lending exploded in popularity, with the number of P2P lenders growing from 50 in 2011 to 3,500 in 2015. Then the whole industry imploded when it was revealed that 40% of P2P lending platforms were Ponzi schemes.
In India, online lending companies raised a record $909 million in venture capital last year (the third-biggest market behind the U.S. and China). And those lenders are now using personal data from borrowers’ mobile phones to make lending decisions – which although illegal, is reportedly ignored by Indian regulators.
In the Philippines (another emerging market where venture capital dollars for online lending are pouring in), the National Privacy Commission is investigating hundreds of complaints from consumers about lending apps leveraging their personal data to shame them into making their payments.
A prediction for the decade to come
In the 2020s, I believe fintech companies will come to love – or at least quietly appreciate – regulation for two primary reasons:
Fintechs and challenger banks understand that brand recognition and affinity is key to their long-term success. Building their brands will be a challenge. A recent survey of 2,000 Brits found 40% don’t trust challenger banks at all and 67% said they are more likely to do business with banks that have branches on the high street. As Zach Bruhnke, co-founder and CEO of U.S. challenger bank HMBradley recently said, ‘We’re going to have to grow by word-of-mouth and doing the right things for our customers.’
Fintechs and challenger banks focused on the long-term task of building brand affinity and trust will, over the next decade, come to despise bad actors that skirt the rules and dress up get-rich-quick schemes in the same language they use to describe their own firms. Regulations that constrain and/or shut down these bad actors will be increasingly appreciated by legitimate market participants.
In the 2010s, we saw the beginning of a trend that will strengthen in the 2020s — regulations designed to foster competition between incumbents and new market entrants. To date, such regulatory action has run the gamut, from vague (innovation sandboxes and special-use charters) to hyper-specific (U.S. regulators’ cautiously approving the use of alternative data, or the Bank of England considering giving non-banks access to its 500-billion-pound balance sheet). Perhaps, most promising, has been the work done by the Competition and Markets Authority (CMA), which has been proactively driving the adoption of rules and standards around Open Banking for past couple of years. O
ver the next decade, through careful management of public perception and increased investment in lobbying, fintechs and challenger banks will further reshape the regulatory environment from a competitive moat to a more level playing field.
Reaching fintech maturity
’As a licensed broker-dealer, we’re highly regulated and take clear communication very seriously. We plan to work closely with regulators as we prepare to launch our cash management program’.
This was the statement issued by the chastened co-founders of Robinhood shortly after they backed away from their plan to launch a checking and savings product without government insurance. And here’s the crazy part — that’s exactly what happened! Less than a year later the company announced a new deposit product, this time insured by the Federal Deposit Insurance Corporation (FDIC).
As fintech companies mature in the 2020s and the focus of their strategic objectives shifts from growth to profitability, regulation will play a vital role in transforming the ethos of those companies into something a bit more sustainable. Call it ‘Move fast, but don’t break things’.
HOW TO MERGE YOUR FINANCES AS A COUPLE?
By Nelisiwe Ndlovu, Certified Financial Planner at Alexander Forbes
There is never a good time to discuss finances with your partner, married or unmarried, and one key issue that needs to be discussed is whether you should merge your finances.
Joining all your money matters can seem overwhelming at first, so you don’t have to combine every bank account and credit card from the get-go.
Start by having an honest discussion with regards to your individual money management and financial commitments before deciding to merge or co-manage your household finances while deciding if you want to fully merge all your finances. Detail all individual income, expenses, and all your financial commitments. The best way to achieve this would be to first take your individual budgets and combine them. This will tell you what you can and cannot afford as a couple. If one partner does not usually budget, this is a chance to start doing so as this will ensure that your household finances are under control.
Before you think about merging your finances, be open and honest about:
- How much you earn – what is the income that you will bring home? What is the frequency of your income? Are you permanently employed or a contractor?
- What are your current individual expenses and financial commitments? List your assets and your current debt.
- Your individual financial goals and money management techniques – don’t worry if you might have not figured this out at the time of merging your finances – the important thing to do is to be open and honest so that you both build a stronger money foundation
- Disclose your financial obligations, this becomes very tricky if left until too late and may cause unnecessary tension in the relationship
- What are your goals as a couple – what is the purpose for merging your finances?
Married couples can formally or informally merge their finances as detailed above where household expenses are split between the couple (the split could be 50/50 or any fair split agreed upon by the couple, which could be based percentage-wise depending on one’s income). Some couples tackle finances by adopting the ‘pick a bill’ approach, where one couple pays the water and electricity while the other covers the food.
Being married does not mean necessarily that you need to have one joint account. You may also just want to open one joint account where you each deposit money to pay just your monthly household expenses.
The top five things to remember when merging finances as a couple:
- Have the ability to manage your own finances before expecting another person to merge their finances with you.
- Be mindful of your potential spouse/life partner’s money management behaviour and skills so that there are certain things you can address together before considering merging your finances
- Always keep an open line of communication – honesty is the best policy
- Set a money limit which you can each spend without having to consult each other
- Don’t forget to change your wills and beneficiaries on pension or provident funds as required.
THE END OF YEAR TAX CHECKS THAT COULD SAVE YOU THOUSANDS
Charlie Reading, Founder and MD of Efficient Portfolio After HMRC’s tax return deadline at the end of January, it can be...
RISK VS REWARD: IS AI TAKING OVER?
Xavier Fernandes, Analytics Director at Metapraxis A study by Oxford University academics into “The Future of Employment” in 2013 prompted...
HALO TRUST USES ADAPTIVE INSIGHTS FOR STRATEGIC BUSINESS PLANNING
Cloud-based financial planning helps HALO Trust deliver greater benefit to communities affected by war Adaptive Insights, a Workday company,...
IS DATA PROTECTION AND PRIVACY RELEVANT ACROSS ALL STRATA IN INDIAN SOCIETY?
A Study by Pensaar Design With CGAP Pensaar Design has been working on a research study with CGAP to better...
THE RISE OF CHALLENGER BANKS AND HOW LEGACY BANKS ARE TRYING TO KEEP UP
Jean Van Vuuren, Regional VP for UK, Middle East and South Africa at Alfresco The finance world has been...
NEW STUDY: AI HELPS ORGANISATIONS GROW PROFITS 80 PERCENT FASTER
Global research highlights how organisations are capitalising on emerging technologies to enhance finance and operations for competitive advantage Organisations...
UK START-UPS MUST MAKE THE MOST OF A SMALL WINDOW TO CAPITALISE ON INVESTMENT OPPORTUNITIES, FOX WILLIAMS WARNS
Despite rising investment, Brexit and growing interest from tech giants could cut off start-ups’ opportunities in 2020 While a...
XPEDITION UPGRADES MORE THAN ONE MILLION OPENWORK CLIENTS TO THE DIGITAL AGE
Xpedition, leader in the implementation of cloud-based business applications, has deployed a new system which has digitally transformed the customer...
ORACLE AND MICROSOFT BRING ENTERPRISE CLOUD INTEROPERABILITY TO EUROPEAN CUSTOMERS
Today, Oracle is announcing the continued expansion of its cloud interoperability partnership with Microsoft with a new cloud interconnect location in Amsterdam....
THE EMOTIONAL AND FINANCIAL COST OF WORKING WITH OUTDATED TECHNOLOGY
Slow Tech Could Waste 24 Hours of Worktime a Year In this digital age, businesses are hugely reliant on technology...
HOW TECHNOLOGY IS FUTUREPROOFING STOCK MARKET TRADING
Tony Shaw, Executive Director, London Office and Head Sales UK & Ireland at the Swiss Stock Exchange Markets are shifting,...
REVEALED: THE TOP 10 COUNTRIES THAT ARE REDUCING THEIR RELIANCE ON OIL
Ben Lobel, Copywriter at DailyFX New tool charts global commodity trading over the last decade The UK has reduced its...
‘MOVE FAST BUT DON’T BREAK THINGS’ – WHY FINTECHS WILL COME TO LOVE REGULATION
Alex Johnson, Director of Portfolio Marketing, FICO The guiding ethos of fintech is move fast and break things. It’s...
OFFSHORE COMPANY FORMATION TACTICS FOR SMEs
James Turner, Director at company formation specialists, Turner Little Starting a business brings with it its own set of challenges,...
EMV® 3DS – PAVING THE WAY FOR SEAMLESS AUTHENTICATION
Jean Fang, Product Manager, FIME The growth of e-commerce, m-commerce and remote commerce transactions is showing no signs of...
WITHOUT C-SUITE COLLABORATION DIGITAL TRANSFORMATION IS UNLIKELY TO BE SUCCESSFUL WITHIN FINANCIAL SERVICES
By Nick Gold, founder and Chief Executive of Speaker’s Corner A path to digital transformation Mapping a clear path...
LOOKING BEYOND THE PAYMENTS PRICE TAG
Rob Straathof, CEO, Liberis In the face of tough competition, cutting costs often seems like the quickest and easiest...
MITEK SETS NEW IDENTITY VERIFICATION STANDARD WITH ONE STEP LIVENESS DETECTION
Omnichannel Liveness Detection ensures more effective, safe and simple identity verification Mitek (NASDAQ: MITK, www.miteksystems.com), a global leader in digital identity...
HOW TO MERGE YOUR FINANCES AS A COUPLE?
By Nelisiwe Ndlovu, Certified Financial Planner at Alexander Forbes There is never a good time to discuss finances with...
INTERNATIONAL BANKING NETWORK IBOS ASSOCIATION APPOINTS NEW MANAGING DIRECTOR
International banking network IBOS Association is delighted to announce the appointment of its new Managing Director, Manoj Mistry. Formerly Managing...