Cyber security is a top-of-mind issue with no easy answers and no absolute protections. Cyber attacks are frequent, evolving, costly—and no retail bank is totally immune.
Becoming cyber resilient
A recent Accenture point of view challenges financial services organizations to think differently about cyber security. It stresses cyber resilience because enabling fast recovery from attacks is just as vital as erecting barriers to try to prevent them.
Cyber resiliency is operating business processes effectively in normal and adverse scenarios. Resilient organizations identify, prevent, detect and respond to process or technology failures well. They recover while reducing customer impact, reputational damage and financial loss.
Preserving customer trust
Cyber attacks wreak havoc on banks in so many ways that it is impossible to argue that one impact is more destructive than the next. Even so, banks cannot ignore the relationship between cyber resilience and customer trust.
Accenture’s 2015 North America Consumer Digital Banking Survey reveals that 86 percent of customers trust their bank over all other institutions to securely manage their personal data.
With competitive threats poised to lure even long-time customers away, banks cannot afford to lose this trust. But it can all come crashing down with even one isolated cyber breach.
Asking the right questions
How banks handle recovery can be the difference between whether customers stay or leave. This is why planning for the aftermath of an attack demands the same attention as incorporating front-end, preventive security measures.
I encourage you to answer five key questions to assess the state of your organization’s cyber resilience today:
1. Do my employees understand that their own activities can put the bank at risk of a breach?
Cyber risk is not just the technology department’s problem; banks should address the issue from a cultural standpoint too.
2. Are our processes and day-to-day activities designed to address the vulnerabilities of internal fraud?
Unfortunately, some of the biggest vulnerabilities can come from the people that banks trust the most.
3. Does our solution development cycle check for vulnerabilities—and are existing systems tested based on new cyber risk scenarios?
It’s not enough for banks to put cyber security protection protocols in place for new systems yet ignore legacy system vulnerabilities.
4. How strong are our detection capabilities—and are we evolving them to keep up with changing threats?
There is no rest for the weary when it comes to cyber resilience, banks should anticipate threats that are constantly changing.
5. Do we know if our ecosystem partners are taking adequate cyber protection measures?
Banks’ hard work can be undone if partners and vendors are not taking precautions related to their people, processes and technologies.
Banks that make cyber resilience a priority position themselves for the reality of how they should work and serve customers in the digital age. To learn more, visit www.accenture.com/CyberRisk.