There was a time when having a digital strategy was a sideline, much like installing new office carpeting or designing employee appreciation events. It was a low-priority afterthought — a good, but non-essential business action item.
In today’s digital atmosphere, the integration of technologies and automation is more prevalent. Financial services businesses embed digital technologies into existing channels for a more personalized, timely customer experience. Insurance and banking customers can carry on everyday finance maintenance with less time required and no travel necessary. While the ability to make consumers happy can translate into larger market shares and a competitive edge for financial institutions, the journey does not come without challenges. At the top of that list of challenges is security. Financial services applications are especially hot targets for hacking because highly sensitive personal data is involved.
In a recent Forrester research study* of 134 IT executives in the financial services and insurance industry, more than 50 percent indicated they had had a breach in the past 12 months, with 42% of them having had three or more breaches in the past 12 months. The top three external methods of attack were user interaction, exploitation of vulnerable software, and use of stolen credentials.
Especially when financial services institutions extend their digital business to the Internet of Things, the need for security becomes even more real due to the increased number of potential data breach points. More than 51 percent indicate that IoT is an initiative that concerns them. The top two initiatives noted were external hackers and privacy violations*.
Despite the frequency of breaches, concerns around IoT, and 61 percent of executives indicating that safeguarding customer privacy is important, 28 percent of the respondents little to no confidence in their organization’s ability to protect customer data and intellectual property*. In addition to deploying security technologies, they should also consider these best practices.
- Craft a comprehensive security, governance and compliance strategy.
- Documenting your security strategy is crucial in aligning the whole company in its standards and practices. According to Forrester*, nearly 15 percent of financial institutions do not have a documented strategy, reporting the top reason as not having enough time. Though there may be more urgent priorities for business continuity, documenting a strategy can help improve upon security in future iterations and satisfy compliance audit requirements.
- Balance security needs with user experience demands.
- Security is needed for both the financial institution’s intellectual property and the consumer’s personally identifiable information. Integrate security across channels and networks to meet consumer demands and provide a secure consistent user experience, so that all devices are secure all the time. By focusing on both security AND the user experience, a financial organization can achieve a more holistic view of security across devices.
- Foster a culture of security awareness.
- Crafting and documenting a security strategy is ineffective if it is not established throughout the company. Users should be trained based on their roles to understand why they only have access to certain data and how they can most safely store and send information.
For security and IT leaders within the financial services industry, security rightfully continues to be a top business priority. In 2016, 25 percent of the IT budget was spent on the ever-urgent need for security. In 2017, one third of the budgets for security will remain the same, but a whopping 58 percent will increase*. This again underscores the importance of security in the IT operations of financial services companies.
It all comes down to this – if a positive customer experience is the key to a thriving business, security represents the bolts that hold the whole lock together. Without a strong security solution, even the most superlative customer service will eventually prove ineffective in sustaining the business. While digital technologies can enable better engagement, the propagation of IoT makes for a growing attack surface in both the corporate and user environments.
The answer is multifaceted: rather than cutting down on digital integration, financial services institutions should resolutely observe security practices. This will go a long way toward countering potential attacks and keeping private data secure.
*(Forrester Data, Global Business Technographics® Security Survey, 2016)