Digital disruption has long made its presence felt in the retail banking sector. A series of challenger brands have launched in recent years, building innovative and intuitive digital interfaces from the ground up and in some cases forgoing physical premises altogether. Atom Bank launched publicly in April 2016 and secured total funding of more than £200 million by the following year, specialising in savings accounts and mortgages. In April 2017, online bank Monzo had its UK banking licence restriction lifted, allowing it to offer current accounts for the first time. Tandem, Starling Bank, Loot and Revolut are further examples of digitally led financial services brands that didn’t exist a handful of years ago.
Changing consumer behaviour
Meanwhile, research by Accenture has shown that customers’ physical interactions with traditional banks are decreasing; from 2015 to 2018, the number of consumers who visit branches at least once a month dropped from 52% to 32%. Over the same period, the number of consumers who use ATMs at least once a month dropped from 82% to 62% – a decline of nearly a quarter.
In many ways, these shifts are unsurprising. We live in an increasingly connected world. As mobile devices become more powerful, and the networks connecting them faster, banks can offer better functionality to customers anytime, anywhere. If the goal is to put customers first, to tailor services to suit them and to work with their daily patterns, digital technology is a great enabler.
However, just as the digital era is disrupting the ways in which consumers engage with their banks, it is also disrupting the trust those consumers have in their banks.
Wavering trust levels
Trust, as all financial organisations know, is the foundation of their relationship with customers. When trust fails, so do banks.
According to Accenture, consumer trust in banks has been rising steadily, and is now at its highest point since 2012. It seems likely that, following the 2008 global financial crisis and subsequent recession, consumer relationships with their banks have stabilised.
However, at the same time, consumer concerns about cyber security and online fraud are on the increase. PricewaterhouseCoopers research in 2017 suggested that a massive 85% of consumers would not do business with a company if they had concerns about its security practices, and 71% said that they found companies’ privacy rules difficult to understand. This was before the introduction of the GDPR (General Data Protection Regulation), which has shifted the issue of personal data protection into mainstream consciousness.
Similarly, the Ping Identity 2018 Consumer Survey: Attitudes and Behaviour in a Post-Breach Era, which surveyed more than 3,000 consumers in the UK, US, France and Germany, found that one in five of them had fallen victim to a corporate data breach, and just over a third of those had suffered financial loss as a result. Unsurprisingly, the survey also found that 49% of consumers would not engage a service or application that had suffered a recent breach.
Where banks are digitally led, two areas of trust collide. Customers might have more faith that their banks are reliable, well run and unlikely to collapse, but are simultaneously more fearful of the wealth of risks and threats in the online world, from the theft of their personal data to viruses and malware that can attack their personal devices.
Furthermore, research into the security posture of banks and other financial services organisations suggests that consumers may be right. When the Economist Intelligence Unit surveyed more than 400 C-suite executives at major banks around the world last year, it found that just under half of respondents believed that a cyberattack would cause “at least one systemic bank failure in the next two years as the digital transformation of the banking industry continues to automate the sector”.
In other words, as banks rely on digital technology more and more, whether to offer customer-friendly mobile apps, to automate manual processes to streamline management and reduce costs, or to take advantage of new innovations such as AI, cloud computing and the Internet of Things, they expose themselves to ever greater levels of cyber risk.
‘Always on’ compliance
Digital banks – whether challenger brands that have entirely bypassed physical premises, or traditional institutions that have branched out into highly functional apps and websites – are ‘always on’. And this is precisely how they need to see their approach to cyber security and compliance.
Traditional approaches to regulatory compliance – whether with frameworks for best practice such as ISO 27001 or legal requirements such as the GDPR – tend to involve organisations undertaking a single period of review, updating their tools and processes accordingly, and creating a record for audit purposes. This is repeated perhaps once a year to demonstrate that compliance is being maintained.
However, in a dynamic, digitally driven world, compliance needs to be dynamic and digitally driven too. This means undertaking compliance checks more frequently and maintaining online dashboards that offer a real-time snapshot of the current compliance posture and are automatically updated when elements of the organisation’s digital infrastructure are changed. Banks have embraced digital technology to offer their customers something new; the next step is to use digital portals, dashboards and compliance management tools to ensure a next-generation approach to building trust.
That is where Vigilant Software can help. We understand that cyber security risk management compliance can be a lengthy and complex process that takes significant time and resource. Given the nature of the threat landscape and its rapid evolution, organisations need a tool that can execute assessments in a scalable and repeatable fashion. Our CyberComply platform guides organisations through cyber risk and privacy management monitoring and compliance.
Contact us for more information and to arrange a free trial.