News
3 Reasons Why Now is the Time to Worry About Cyber Security
More German banks than ever are vulnerable to attack. Discover 3 reasons why they should worry about cyber security.
German retail banks are digitalising faster than ever. Yet the rush for digitalisation does not come risk-free.
With digitalisation comes the greater likelihood of frontend and backend vulnerabilities – meat and drink for cyber criminals.
80% of German financial institutions were victim to cyber attacks in 2020-21. The scale of cyber attacks is unlimited and has been seen in the past year, with over 800 co-operative banks across Germany falling foul to a DDoS (distributed denial-of-service) attack in June 2021.
Here are three reasons for you to worry.
The pace and scale of digitalisation
Unlike other European markets, for instance the UK, German incumbent banks have hitherto struggled to adapt to the new digital reality, encumbered by decades-old legacy systems. Yet Covid-19 has changed the playing field, with contactless payments increasing to 50% of all transactions in the first half of 2020 and digital banking penetration rising from 59% to 65% between 2018 and 2020. Naturally, this presents more opportunities for cyber threats, especially as the pandemic drives more retail banking customers to digital channels.
These only increase when new and disruptive technologies are factored into the equation. The adoption of AI as part of digital transformation strategies presents cyber attackers with new opportunities to disrupt banking systems and services. Additionally, these technologies demand more responsive and dynamic regulation. The EU’s Artificial Intelligence (AI) Act (52021PC0206) demands that organisations, including financial institutions, conduct gap analysis in AI-based software to mitigate vulnerabilities.
Operationally, banks’ exposure to cyber risk is increasing. Cloud banking is a case in point. More incumbents in Germany are outsourcing, including data management and storage, to third-party cloud providers, opening new interactions that could easily be exploited. Supply chain risk is key: the chain is only as strong as its weakest link, which could be vulnerable to data breaches and malware incursions. As with technological advancement, supply chain risk demands a dynamic regulatory landscape.
Filling the vulnerability gap with regulations
The regulatory landscape of banking is constantly changing to match the pace of digitalisation. Cyber security is no different. The Payment Services Directive 2, enforced in the European Union since January 2021, establishes measures to mitigate vulnerabilities. These include Strong Customer Authentication, requiring two of three factors to be used by customers to authorise payments; replication protection to ensure these factors cannot be copied; and transaction monitoring to prevent fraudulent payments. This complex web of regulations has caused headaches for the payments, data protection, software development and a myriad of other banking functions.
An additional pressure can be found in the revised strategy for cyber security implemented by the Federal Government in September 2021, which places greater emphasis on improving IT security solutions and protecting the citizens’ electronic identities and communications. This, coupled with the incoming ISO 20022, will likely direct the effort and investments of incumbents and their partners towards finding security solutions to identity and transaction fraud – naturally incurring cost.
Finding the right skills to tackle cyber crime
Many incumbents will struggle with the increased resourcing demands that becoming cyber secure will place on them. This will ultimately go one of three ways: recruitment to find the skills needed to manage cyber security; training people in-house to manage cyber security; or outsourcing cyber security operations to a third party.
Several factors need to be accounted for by retail banks when deciding which option to go for: the cost-effectiveness of the cyber security solution, the time taken to deliver a solution that complies with local regulations, and the long-term handling of said solution, amongst other concerns. The rapid pace of digitalisation in the German retail banking sector and the growing body of regulations, in addition to the coverage cyber security concerns have across multiple departments within banks, adds considerable gravity to making resourcing decisions.
Cyber security in German financial services: where next?
The trend towards digitalisation in German retail banking, which has historically lagged behind other European sectors in its embrace of all things digital, will put cyber security firmly at the top of banks’ agendas. The threat couldn’t be clearer, with financial services cyber crime rising rapidly in Germany since the onset of the pandemic and the movement of banks’ customers online.
Want to find out more about how you can protect your bank from the financial and reputational damage of cyber attacks? Learn about the expertise needed to stop yourself from becoming a victim here.