Reports that regulators in the U.S. are considering pooling resources in order to carry out more comprehensive tests of leading banks indicate how serious the authorities believe the risks from cyber attacks to be. It is understood that a cross-agency approach to testing banks — in place of the current system of different regulators examining different parts of the same institutions — is being planned against attacks that could crash payments networks, expose customers’ data or otherwise threaten the integrity of a sector that is increasingly operating online. Such a change makes sense since bank executives have long argued that the number of agencies with which they have to deal has made it difficult and complicated to comply, with information security officers and their teams spending significant amounts of their time trying to deal with the different regulatory frameworks.
However, this is not the only sector facing threats of this kind. The increasing digitisation of business as well as the trend for more employees to work outside their offices on laptops and other mobile devices are increasing cyber risks for all sorts of business. The issue is not whether there is a problem but how senior management deals with it. And here there are concerns within organizations that the threat is not being taken seriously enough. More than 80% of respondents to a recent survey by 1E, the software and services company, believed that neither their CEO nor their board of directors was extremely well-prepared for the increasing pace of digital change over the next two years. This fits with other findings in the Getting Your House in Order report about awareness and priorities in this area. In particular, 90% of those questioned said their businesses put other things ahead of IT security when it came to budget allocation.
Indeed, a report out today from Vuealta, a business management consultancy that works closely with the connected planning platform provider Anaplan, suggests that uncertainty over Britain’s decision to leave the European Union is one of the issues possibly affecting the attention paid to cybersecurity because it has been the dominant factor in supply chain decision making in the U.K. over the past five years. Although more than a fifth of companies in the U.K. have had their supply chain hit by a cyber attack in the past five years, 42% of respondents believe their leadership team do not appreciate the potential impact such an assault could have.
The issue of whether businesses are actually investing in the right places is also raised by Steve Pulley, executive vice president and general manager of global identity and fraud solutions at Experian, the credit reporting company. In a survey published earlier this year, the company found that half of businesses had materially increased their fraud budgets with similar proportions experiencing an increase in fraud cases, particularly in the U.S.. However, there was something of a dilemma over how to respond because at the same time as seeking to prevent fraud, businesses were also seeking to improve their customers’ online experience. In fact, Pulley himself said he was surprised by a finding that once customers feel trust in a business they are prepared to share more information in order to gain a better experience. Allied to this is the fact that, despite advances in security technology, consumers still look out for old-style security signals, such as password requests, as evidence of an online business’s trustworthiness. The result is that, despite efforts by regulators to encourage the emergence of challengers to incumbent businesses in such sectors as banking and utilities, there has been something of a “flight to quality”, with consumers favouring familiar names over startups. Factors such as high barriers to entry and — in banking especially — capital requirements mean that retention levels of incumbents “remain extraordinarily high,” says Pulley. Indeed, in a column earlier this week, Andrew Hill recounted the difficulties encountered by the telecommunications company BT’s broadband division Openreach when it sought to differentiate itself from its parent — as directed by the regulator.
Nevertheless, more advanced authenticating tools are increasingly being used to prevent fraud and to protect customer data, often without users realising. “Passive” checks can, for example, assess how genuine a transaction is through using knowledge about such things as a consumer’s usual buying habits, their location and even how they use their electronic devices. Meanwhile, advances in biometrics mean that, for example, new ATMs in South Africa operate using fingerprints rather than PIN codes.
In the end, though, it comes down to trust. As the strapline of the Experian report reads: “Consumer trust: building meaningful relationships online.” Among the questions that Experian asked of 10,000 consumers and 1,000 business around the world were “What are the key factors that matter most to consumers for gaining trust and confidence in an increasingly digital world?” “What does it take to build trust online?” “Are businesses doing enough with the information they already have access to, to better recognize and deliver experiences that their customers expect?” Companies that come up with appropriate answers are likely to be in the ascendancy in the years to come. In the word of the report, trust is “a precious commodity that is earned over time and difficult to build between consumers and businesses in an online world. The anonymous nature of digital interactions means that businesses and consumers must mutually find ways of establishing bilateral trust.”
Click to go to the full article: