
It’s no secret that the digital systems of banks are heavily reliant on security. The special value of data records and business processes requires the highest standards of protection. This need can be largely met by implementing cybersecurity solutions. With the right strategy, an investment in digital protection pays off many times over.
Digitization continues at an unstoppable pace in the financial sector. In the past year, the speed of transformation has once again increased significantly. This trend can also be seen in the changing needs of customers: Two-thirds already consider a bank’s digital services more important than a nearby branch (Bitkom – Digital Finance 2020). A full 90 percent of clientèle between the ages of 30 and 39 conduct their banking transactions exclusively or for the most part online (EY Digital Banking – Consumer Survey 2020). To meet this demand, banks are increasingly moving processes to the cloud. By taking this step, institutions are acquiring the required scalability, performance, compatibility, and potential for development (Lünendonk / KPMG – Trendstudie Cloud Transformation 2020). This means that the day-to-day business of banks is also becoming more digital, and this is right where attackers come in.

Cybercriminals primarily target web applications

From 2019 to 2020 alone, the number of distributed denial of service (DDoS) attacks on web applications increased by over 300 percent. Myra Security’s mitigation data also shows that the number of complex multi-vector and amplification attacks in particular has increased noticeably. Cybercriminals use these methods to multiply the impact of their attacks. At the same time, an increase in digital blackmail attempts via the DDoS attack vector can be observed. If companies do not pay the ransom demanded within the specified period, massive overload attacks ensue.

Real-world experience shows that vulnerable targets are attacked more often, with attackers returning and demanding ever higher ransoms. Protected infrastructure, however, is something that cybercriminals avoid in order to spare their own resources. The only answer to the intensified threat situation is preventive protection for the operational business.

The German Federal Financial Supervisory Authority (BaFin) takes a more restrictive approach and announces more intensive controls

The fact that both the complexity and intensity of cyber incidents have increased significantly has not escaped the attention of the financial regulator BaFin. That is why cybersecurity is one of BaFin’s priority issues for 2021. It has already announced more intensive controls in this area, particularly when it comes to the outsourcing of IT to cloud service providers. In order to meet compliance requirements, banks must harden their systems and processes in accordance with the state of the art. The future DORA regulation (Digital Operational Resilience Act) and the oversight framework it contains also impose specific requirements on IT and processes. These compliance requirements from DORA are also meant to apply to the service providers involved in outsourcing or outsourced activities.

In view of the amendments to MaRisk and BAIT, the regulatory bar is being raised once again. The sector’s experience shows that banks should be as proactive as possible in addressing the technical and organizational requirements. Institutions that only upgrade their IT under external pressure as part of an audit required by Section 44 of the German Banking Act (KWG) needlessly blow a lot of their budgets in this process and still usually end up with less than ideal results.

Banking is a matter of trust

Those who invest in cybersecurity at an early stage and with a high level of commitment can, of course, also use this to their advantage when communicating with customers and in other business relationships. Banks depend on the trust of their customers. They count on new services to be error-free, secure, and stable. This trust can be further enhanced by implementing advanced security solutions.

In contrast, errors and failures of digital services can seriously undermine this trust, resulting in long-term harm to the bank’s image. This is because, in addition to BaFin, attackers are also inspecting the security of banking IT, continuously, 24/7, 365 days a year.

Leveraging cybersecurity as a process with many added values

On balance, investments in cybersecurity pay off for financial institutions in several ways: They protect the operational business from failures, ensure compliance with regulatory requirements, and serve to develop and maintain trust for communication and marketing. This means that the right IT security strategy yields sustainable competitive advantages.

The crux lies in the choice of partner

The difficulty in putting together an appropriate IT security strategy lies in the precise definition of the bank’s own focal topics. Every bank, every IT department, and every project is digitized to a different extent and has different priorities in terms of protection requirements. They need to be addressed using a tailor-made approach. Accomplishing this goal in the best way possible requires strong partners. Transformation to the new normal is characterized by digital ecosystems and partnerships. In the long run, no player of any size is capable of mastering all of these challenges on its own. In the end, key partnerships determine whether the solutions implemented act as a catalyst and strengthen other areas in the company in addition to security.

By outsourcing IT security to specialists, security can be raised to a level that is difficult to accomplish in-house. With professional service providers, fears about unnecessarily complex structures or a further increase in the attack surface are unfounded. Cybersecurity is part of their daily business, and expert IT specialists represent a first-class human firewall.

The time for concrete action has long since come. Institutions today need to future-proof their systems to meet customer needs, compliance requirements, and the cyber threat landscape. Digital laggards will inevitably lose ground in the market and be pushed out in the long term, whether by fintechs or big tech. There are no shortcuts in digitization and certainly not in cybersecurity.
