About two decades ago, one of Sweden’s biggest banks was quizzed by an analyst on the source of higher-than-expected costs in its quarterly results. The answer was something that analysts had not included in their modelling.
“People were basically driving trucks into ATMs and branches, smashing them, taking the money . . . and disappearing,” recalls Ronit Ghose, head of global banks research at Citigroup, who was on the call.
Technology has since lowered the risk of physical robberies at banks’ branch networks, many of which no longer have much cash to steal now that most money is moved digitally.
New technology has also offered banks billions in cost savings, as customers moved from expensive branches to digital models. It allowed banks to grow by serving people far outside their physical networks and using big data to understand how they can lend to non-traditional borrowers. But technology also brings its own dangers.
“Financial services are becoming increasingly digitalised, broadening the attack surface for possible cyber events,” according to an IMF report in February, which urged regulators to monitor cyber risks more carefully.
Capital One customers’ data was compromised in a cyber attack
The report warned that the volume of sensitive information held by banks makes them one of the “most highly targeted economic sectors for data breaches”. Risks are amplified by the rise in internet traffic and the number of devices connected into banks, as well as the falling costs of launching large-scale cyber attacks, the report noted.
Financial services businesses’ vulnerability to cyber attacks has been illustrated by a string of high-profile incidents, including a recent breach that temporarily paralysed UK-based payments group Travelex. Hackers threatened to sell customer data unless a ransom was paid.
Peter Kennedy, head of UK technology at consultancy Capco, says cyber security is the “first question that comes up” when clients contemplate introducing new technology, while Mr Ghose adds that among banks’ most senior executives “cyber is top of mind in a way it probably wasn’t 10 years ago”.
The worst cyber attack for banks is one that compromises customer data, says Heedon Kang, co-author of the IMF’s February’s report on cyber risk. Such breaches “create an erosion of confidence”, he says.
In the aftermath of December’s attack, Travelex stressed that customer data was not compromised. US bank Capital One was less fortunate last year when an attack compromised more than 100m customers’ data. The alleged perpetrator, a former Amazon Web Services employee…