Banking & the first-mover paradox

Rapidly evolving capabilities such as data analytics, machine learning and the ‘internet of things’ have the potential to deliver faster, more-efficient services and provide a richer, more-meaningful customer experience. 

"As the level of data collection rises… the likelihood and consequences of sensitive data falling into the wrong hands… has become increasingly high.”

Financial services organisations which are able to harness technical innovation effectively have a real opportunity to derive significant competitive advantage.

But technical innovation brings with it a new set of risks, particularly where such innovation is driven by the collection and analysis of customer data.

These risks are further heightened by the increasingly prevalent use of third parties, such as cloud service providers, to facilitate and hasten the delivery of innovative solutions.

As the level of data collection rises, and the requirement to share this data between systems and partners grows, the likelihood and consequences of sensitive data falling into the wrong hands, or finding its way into the public domain, has become increasingly high.

This phenomenon is addressed in a recent World Economic Forum paper on “Innovation-Driven Cyber-Risk to Customer Data in Financial Services” which highlights the difficulty of measuring cyber risk compared with other forms of risk, and emphasises the need to improve organisations’ ability to assess their cyber security posture.

In most respects, cyber risk is no different to other forms of risk but boards and senior management often lack the tools and subject matter knowledge to deal with it effectively. 

{CF_IMAGE}

The WEF paper contends the development and assessment of mature, standardised metrics are necessary to allow better decisions to be made about the appropriate level of investment in cyber security controls, which in turn will support and facilitate business innovation.

The enactment of data breach notification legislation in Australia and the imminent introduction of the General Data Protection Regulation in Europe provide some clear guide rails for organisations to exercise due diligence in the protection of customer information.

Beyond these regulatory measures, the recent experiences of Facebook and Cambridge Analytica provide an emphatic example of the severe consequences which can arise from the failure to protect customer data.

Revelations about inappropriate use of data resulted in the value of Facebook falling by around $US100 billion in two weeks, while the CEO of Cambridge Analytica quickly found himself out of a job.

Walking the fine line between innovation and risk is, and will continue to be, an important an ongoing challenge in the financial services sector.

Michael Scotton is Head of Security Strategy, Policy and Outreach for Technology at ANZ