Building trust in a digital, data-driven world
Canada’s Big Six banks are transforming key aspects of their front and back offices as they continue to modernize their cores. Yet cyber risks are an ever-present element in banking, as is the case in other sectors. Frequent reports of corporate data breaches from cyber attacks continue to keep cyber risk at the top of bankers’ minds.
As banks continue to face disruption from new market entrants and emerging technologies, they need to enhance their cybersecurity models, balancing the risks and opportunities related to their digital and innovation initiatives, in order to stay competitive.
PwC’s Global Economic Crime and Fraud Survey 2018
Banks should apply three lenses—external, internal and regulatory—when building out their cybersecurity strategies.
In looking through the external lens, they’ll understand outside factors that affect the bank’s cyber risk profile. In other words, they need to know what's happening outside of the organization that might change that profile, for example, factors such as a new cyber attack on the horizon, new technologies posing new risks, and changes in the geopolitical landscape.
The internal lens brings management’s focus inwards in assessing what changes within the bank are impacting its cyber risk profile. This self-assessment is critical in launching a new product or service, implementing a new system or emerging technology, engaging new suppliers and understanding insider risk.
Lastly, the regulatory lens is used in understanding the expectations and requirements of regulators, especially for banks operating in multiple jurisdictions around the world.
“In order to execute on innovation while maintaining trust in the digital economy, banks need to pursue two parallel strategies - cyber risk agility and resiliency. Cyber risk agility to build a flexible cyber risk framework that can anticipate and prepare for innovations that bring longer-term success. Cyber risk resiliency to withstand potential cyber risk events from these innovations and keep the business moving toward its goal.”
Canadian banks have developed strong cybersecurity strategies over the last several years. These derive, in part, from collaboration with other Canadian banks in a manner and scale not seen in some other leading national banking sectors around the world. Canada’s Big Six banks share leading practices and trends relating to cybersecurity and the types of incidents they're seeing in their respective institutions.
That spirit of cybersecurity collaboration extends into bank-fintech relationships, as seen in, for example, leading-edge innovation labs and customer on-boarding processes. Together, banks and fintechs undertake thorough cyber assessments of key aspects of their joint initiatives to make sure cyber risks are properly understood and mitigated. These types of cybersecurity collaboration will only increase in the future.
PwC’s 21st CEO Survey: Findings in the banking and capital markets industry