Creating a secure environment, mitigating cyber risks and investing in appropriate security measures via the correct systems and processes are crucial for private banks globally, and vital to ensuring client trust and data protection. PBI speaks with industry experts to assess how vulnerable private banks currently are, what is being done about cyber threats, and what more can be done.

 


A key concern for private banks in all geographies is cyber security threats. Cyber security is imperative to maintaining client trust and ensuring data protection.

Cyber security threats and breaches are certainly not issues exclusive to the private banking and wealth management industry. IT security threats have been problematic since the advent of the internet and have surged in recent years as technology usage has grown exponentially.

Cyber attacks are the new big enemy in private banking. For any industry, an attack can have damaging effects. But for the private banking industry, which is reliant on clients’ trust, it can be catastrophic.

As private banks and wealth managers continue to prioritise cyber security, a lot of work still needs to be done.

 

HNWIs and UHNWIs attractive target segments for cyber fraudsters

High net worth individuals (HNWIs) and UHNWIs are attractive target segments for cyber fraudsters. In the digital age it has become progressively easier for fraudsters to gain information on individuals, especially if they are high profile figures and information on their wealth is in the public domain. It is not only about money fraud with HNWIs but also their personal data.

"HNWIs, their families and businesses are an obvious target for cyber crime, arguably more attractive to criminals than the larger numbers of retail banking customers. The wider use of digital channels in private banking also increases the risk of exposure to cyber-criminal activity for this group," says Jamie Woodhouse, managing director, finance and risk services at Accenture.

Richard Horne, cyber security partner at PwC, adds: "The amount that criminals are able to find out about individuals online is staggering."

One of the most significant cyber risks is phishing – an attempt to gain sensitive information such as PINs, usernames, passwords and card details – usually via bogus emails.

Although social engineering methods such as phishing are not the most sophisticated forms of cyber attack, they can often be convincing, with the potential to fool clients if they are not vigilant. According to the US Department of Homeland Security, approximately 100m malicious emails find their way into inboxes each day.

Fraudsters’ tactics for targeting private banking clients can be different from the mass attacks on retail banking clients, and tend to be focused on individuals, requiring the fraudster to amass a greater amount of research.

There is a risk that private banking clients could be exposed to a greater level of phishing vulnerability, as they are more likely to have regular email correspondence with their relationship managers.

"There have been serious cases of cyber-crime that have affected private banks – both on and off the public record. These include instances of phishing, insider and cyber theft of customer details and also loss of customer data via third parties including printers and legal firms," says Accenture’s Woodhouse.

 

Shifting from prevention to overall business resilience

According to Woodhouse, private banks are implementing strong provisions to safeguard themselves after realising the scale and seriousness of the threats – from trust, reputational, regulatory and remediation angles.

"We see more action across the organisation and CEOs are shifting from pure prevention to strengthening overall business resilience.

"CIOs are building more robust technology strategies prioritised by threat and the assets they want to protect. CROs are working to quantify the risks and build cyber-risk into their enterprise risk frameworks and controls.

"Relationship managers are working to help their clients cut back on human errors that give openings to criminals. It is inevitable that some cyber-attacks will succeed – so resilience thinking includes planning and testing responses for when criminals do break through or insiders take out client data or cause damage."

A number of private banks, including Coutts, Barclays and Standard Bank, have adopted biometric technology to authenticate clients.

Coutts has implemented messaging services via its tablet and smartphone apps, which allow for a greater degree of security than emails that have not been encrypted. Authentication can be granted via fingerprint rather than passcode.

"Innovations such as TouchID, voice and behavioural biometrics not only serve as private banking industry firsts, but have also dramatically reduced fraud and enhanced the client experience," says Robert Hemphill, executive director digital solutions at Coutts.

A risk-savvy corporate culture, adds Woodhouse, needs to be embedded across the entire organisation.

"Firewalls will not protect employees from falling prey to social engineering, for example. Data losses have happened when disguised criminals accessed physical data servers in banks, or sent well-crafted emails to top executives. So it is important for all employees – the board, relationship managers, facilities managers, CROs, COOs and CIOs – to have the right tools and culture to manage these risks," he says.

 

Sophisticated tools needed (sans legacy issues) for an increasingly connected world

Creating a secure environment, mitigating cyber risks and investing in appropriate security measures are vital for private banks to cope with the ongoing regulatory changes taking place.

It is only a question of time before private banks need to become even more connected than they are now, with the introduction of additional distribution channels for clients and third-party partnerships, and new cyber threats will potentially arise. Financial institutions need to be ready for the new reality.

Those banks that continue to have legacy IT infrastructure will find this process of enhancing their security systems much harder, and will be exposing themselves to increased vulnerability.

Says Woodhouse: "Digitisation, when done right, also enables banks to build in automated defences and advanced surveillance that can help fight cyber-crime and accelerate recovery."

He also points out that the technology landscape is moving fast, both within banks and through collaboration with FinTech providers.

"Data protection practices and technologies like DLP, information rights management, encryption and restricted use of removable storage devices are also being adopted along with penetration testing and war-gaming," he says.