The wave of innovation brought about by digital transformation is perhaps most visible and apparent in the banking sector. The sector has metamorphosed its existing model into one, which is far more dynamic, open and interactive. Today the banks are much more than just a place of depositing cash and managing personal finance. They are institutions that provide customers the flexibility and convenience to deal with money matters. Elements like Mobility, APIs, etc. are now the new norm. As the market landscape further evolves and the competition gets fiercer, banks with large scale digital transformation and real-time customer insights will be the winners. According to a report published by Boston Consulting Group (BCG) and Facebook, the number of users opting for online banking is expected to reach 150 million mark by 2020.
Striking Balance Between Customer Demands and Risk Management
However, this rising quantum of digital transformation in the banking industry has a dark side too. It is responsible for a rapid escalation of risks across the channels of transactions. The complexities make it even tougher for companies to get hold of their entire risk profile. According to Gartner, about 60 percent of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk and banks will be the predominant victims. While digital transformation can’t stop, management of digital risk presents unprecedented challenges for the organisations. Most of them are not fully geared up to address these completely new types of risks. A McKinsey digital risk survey found that over 70 percent of banks have digital risk prominently on the radar, with a middling level of management attention and 10 percent have it on the high-priority list.
Rajesh Thapar, Chief Information Security Officer, Yes Bank talks about these issues in the Book Titled “Accelerating Enterprise Innovations”. The following is an excerpt from the same book:
In the hyper-connected and hyper-innovative world, the customers would any day choose a bank which has a superior digital footprint over the ones which lack it. They would prefer a bank, which offers a seamless omnichannel experience. A customer today expects everything in real time. Customers want highly personalized and seamless experience across every channel that they are using. It should address their preferences and goals. To achieve this level of customer-centricity, product teams in banks have to abandon the traditional inward focus and focus on customer needs. This shift in consumer behavior and demands is mandating the banks to not only redefine their business models but also reinvent their delivery models. But there is a flip side to it. As the digital surface broadens and digital transactions rise, banks are facing the challenges around fraud prevention, data security and customer privacy.
Cyber security has acquired heightened prominence than ever before specially in the banking industry that has seen several high-profile and high-impact breaches in recent past. Some of the recent cyberattacks on the banks in both India and abroad have left the boards high and dry. In addition to it, the cost of a breach has risen tremendously. The overall impact can be humongous, including the reputational and revenue losses to an organisation. A multitude of regulations have made things even worse for the cybersecurity professionals. While earlier it was only about an incident reporting and its remediation mechanism, today there are monetary implications of breaches from regulators. GDPR is a great example where the breached organisation has to pay hefty amount of money to safeguard data privacy.
While cybersecurity is a non-negotiable element in a bank’s technology strategy, it can also not be too overwhelming which can cause inconvenience to the customers or become a deterrent. In this scenario, being very proactive can be detrimental for both cybersecurity professionals and the organisations. That is where the balancing act comes in. How do you ensure enforcement of security controls without making it too intrusive to stall the innovation processes? Cybersecurity professionals will need to balance risk elements and exposure with customer experience and satisfaction.
Excerpted from the Book Titled “Accelerating Enterprise Innovations“