By Jason Baden
The financial services sector has been identified as one of the most sophisticated in Australia in terms of digital transformation, particularly with the forthcoming Consumer Data Right and inroads into Open Banking.
But the prioritisation of security plays a different role in this journey than what we’d expect. A recent study of Australian insurance companies revealed only 42 per cent think cybersecurity is their most pressing risk, far outweighing their concerns about other key risk areas such as regulatory risk.
With some 60 per cent of Australian businesses interrupted due to a security breach in 2017, and with businesses digitising at faster rates, this issue isn’t set to go away any time soon.
Despite the vocalisation of these concerns, security is frequently neglected in critical moments. When application performance becomes an issue, security is often the first crucial digital component out the door.
IT professionals and developers have deprioritised security for too long in moments of application crisis or digital transformation, so much so that when prioritising a heathy development pipeline, security is often missed out altogether. This isn’t a criticism but fact—it’s never been more essential to get apps out the door quickly, with pressure coming from both the C-Suite and customer demand, so developers are playing a game against time.
The financial services industry is under major pressure to prioritise security correctly and effectively within its complex digital roadmaps. With convergences happening between fraud and cybersecurity, and as Australians stride purposefully towards digitising their entire banking experience, this prioritisation will never be more important.
Assessing where security sits in the IT food chain
Due to a combination of pressures, such as minimising costs whilst getting applications to market faster, digital transformation can be as much a journey fraught with security risks as it is an opportunity to reinvigorate a business.
In the banking and financial services industry, where the laser focus is so frequently on digital transformation, the necessity of security is ostensibly deprioritised when it comes to applications.
Addressing cybersecurity is the top priority for 89 per cent of banks globally in 2018, according to an EY study. However, this figure drops in the Asia-Pacific region, with 80 per cent listing security as a top business priority, behind other business concerns such as partnerships, improving risk management, and investment in technology.
Locally, an F5 study found security is the biggest concern for a majority (60 per cent) of Australian consumers when banking through a mobile app. Moreover, a different F5 study found 69 per cent of Australians are most likely to disown an app if its security is compromised.
But what does this mean when we speak about the connection between security and mobility, focusing on the banking industry? It means financial organisations must prioritise the security of their applications rather than ease of use.
Many consumers, especially those who aren’t digital natives, are grappling with a decision to stick to conventional, less convenient methods of handling finances, such as going to the bank branch, or using more convenient digital transaction platforms that are perceived by many as ‘riskier.’
Customers are hyperaware of the security risks involved in transferring finances online. Security and the trust that comes with it will become an important element that will sway customers from one payment provider to another—as it becomes less about what technologies are on offer, and more about how secure they are.
Standardise a security platform to standardise on security policy
So what are the practical step banks can take to secure their applications in an increasingly mobile world? Standardising the security platform, which effectively standardises policy, is an impactful way to remediate risk before it becomes an organisational-wide threat.
Having a consistent security posture across all physical and cloud environments means you’re minimising risk by reducing the amount of potential gaps in protection across attack surfaces. It also lowers the amount of training required across the IT team as staff have a single view of its security posture.
Employing this strategy means IT professionals and developers can have a combination of standard, base security policy, which is automatically deployed to each app, instantly protecting it against upcoming threats.
Protecting the entire attack service in this way means the most likely attack vectors are covered. In the journey to digital transformation, when it is so easy to be caught up by other innovations, security must never be left behind—as this is what will ultimately harness you the long-term loyalty and trust of customers.