Covid-19 pandemic has necessitated the need to go digital a little more than the usual as social distancing is the call for the hour. Cybercriminals, however, taking advantage of the situation trying to compromise the security net across the banking and financial sector, talking the focus on cyber-related investments. So, will this inflate the cyber budget for financial institutions, explores Rashi Aditi Ghosh of Elets News Network (ENN), on the basis of opinion from experts from around the sector.
To understand the changing preferences posed by the pandemic situation, Elets News Network spoke to experts to get a clear idea on how digitisation has changed in the last few months and how is it affecting the cybersecurity spends.
Covid-19 situation forced us to adopt more of digitalization in the way that happened during demonetisation.
Talking about the sudden boom in digital adoption, the role of insurance companies in handling it and significance of cyber-related budget, Avez Sayed, Chief Risk Officer, SBI General Insurance said, “For us at the insurance industry, it is digitise or die situation, in a bid to be agile and relevant to the customer. You also want to familiar and fluid. Insurance is a very old subject wherein people end up buying insurance but we also have millennials as our customers who are buying up more insurance in the form of session insurances. They don’t want many questions to be asked. Youngsters are buying insurance for a cycle or for purchasing high-end gadgets. So, the concern is, how do we insure these products, go back to office, fill up the forms an all.”
“Covid-19 situation forced us to adopt more of digitalization in the way that happened during demonetisation. Demonetisation also forced the entire country to adapt to digital payments similarly this particular trend forced us to quickly adapt to the entire platform of digitisation but even if we remove this entire period of Covid there was an industry trend going towards digitisation and that the reason there was a very strong trend around insure-tech concepts happening, we go completely touch-less, intermediate touchless services, claims, policy payments, video chats, video KYCs. For example, we have customers from remote areas who want to opt for cattle insurance. So, how to we initiate that insurance without visiting the place? So, we started doing the nose biometric of the cattle. Right now, due to digitisation, payments of the 25 percent of the insurance is done lighting fast earlier the claimant had to wait for 20-25 minutes. Insurers understand the need of going digital otherwise they will be lost in the entire journey. Otherwise somebody else will come and overtake.”
“Specifically talking about cyber spends, I think when we are creating our own journeys to meet up the requirement of this digital economy is demanding from us, I assume that the digital spend would definitely go up. It might take a pause for some new innovative things. There are a lot of innovative things happening at cyberspace so, they may wait for a while but they will not give up on the fundamental requirements. I don’t see any internal discussion happening around our Chief Risk Officer community that there will be any cut on the cybersecurity budget. So, security remains an area where nobody would like to touch the budget space. Considering the economic point of view, it then depends on the industry,” adds Sayed.
The pandemic situation has also necessitated the alternative work options such as work from home or work from anywhere to ensure business continuity.
Putting forward the banking strategies in sync with the changing trends, demands, and requirements created due to the pandemic Biju K, Chief Information Security Officer, Federal Bank said, “The situation in banking is almost the same as in the insurance sector. Banking is a highly competitive environment. One good part of this scenario is, digitisation at the banking gamut started pretty early. Banks are always at the forefront, in terms of adoption of technology.”
“If you look at the adoption of technology in the banking sector, it is termed as the fourth most digitised sector. So, it certainly indicated that banking has improved significantly in the digital area. Today, the process begins from onboarding of the customer to the entire lifecycle management of the customer as far as digitisation is concerned. Earlier, it was limited to internet banking, mobile banking, and many other customer service areas. Now, it has moved further, today, 90 percent of the customer onboarding is done with the digital means.”
“Besides, all the loans, particularly the personal loans are through the digital mode. Loans are getting approved instantaneously. Similar, the EMIs and several other things are done through the touch of a button. We can also purchase large volumes and convert them into VMIs instantaneously without any all or SMS,” said Biju.
“ Further, collections also, not only the loan part but periodic collections are also fully digitised. Similarly, a lot of digitisation is happening right from physical security monitoring which has been replaced from electronic monitoring type of activity particularly for Kiosks and ATM installations, the digital implementation has gone to a large extent where there are more effective ways of monitoring for eg. Automated triggers, alarms which significantly increases efficiency. As the digital process begins from the onboarding, the chances of errors or frauds both are coming down. We are witnessing a lot of improvements as a digitisation is concerned,” added Biju.
“From the Banking perspective, the top most pushing factor is digitisation due to the pandemic and in general also a lot of reimagining is happening on how to enable the customer to do the banking on a touchless note. So, in that front, a lot of new initiatives are happening and the management now very well knows the darker side of digitistion are cyber threats. So, on one hand when newer innovation and digitisations are happening, on the other hand, putting the necessary controls at a place important otherwise it would lead to major data leakage. As we all know that banking is a very well regulated area and with the personal data protection act, it obvious that the data security or the cybersecurity spend will increase because we handle more people and larger about of data. It is a kind of balancing act,” sated Biju.
“The pandemic situation has also necessitated alternative work options such as work from home or work from anywhere to ensure business continuity. Before pandemic, Business Continuity was having alternative infrastructure, such as multiple data centre and the Human Resource aspects were only concerned with lighter matters. But with the pandemic, it now means the availability of necessary manpower and that comes with several inherent risks. So, when we’re allowing our employees to work from home of work from anywhere, we have to make sure that security is not compromised so for that more investments on the cybersecurity front are needed, particularly on the monitoring angle making the new environment secure. Because, even if the infrastructure for work from home is available with the companies, the scale which is now needed, is not present with most of the organisations. Another area which is further contributing to increase suspense in the cybersecurity front is the tensions across the borders. We are increasingly reporting state-sponsored attacks and all. All together we are seeing further tightening of the security side,” he added.
Within the BFSI space, we have been going digital, not to the extent that we are witnessing now due to the pandemic. The pandemic has just helped in accelerating and amplifying the digitisation.
Explaining the need to analyse the threshold and understand the complexity of cyber threats Ashton D’Cruz, Director – Chief Administrative Officer & Chief Information Security Officer, NatWest Markets plc India said, “Within the BFSI space, we have been going digital, not to the extent that we are witnessing now due to the pandemic. The pandemic has just helped in accelerating and amplifying the digitisation. Lately, there have been a lot of moves to go digital. There has been a key management buy-in on the same. Having said that, you can never be 100 percent secure.”
“So, you need to know what your boundaries are, what you need to protect and be able to safeguard it at a cent percent level and also you need to be aware that there is huge wide dark web out there which is always trying to manipulate and breach your securities. You should always be aware about the limit to which you will be able to get breached and recover in case if there is any breach. I would not believe that any organisation can safely say that there have never been breached. It is how best you can recover from a breach with a minimum damage that can occur in your end and that is where the management needs to draw a fine line and understand what exactly their threshold is,” added Ashton.
“And, if you are aiming at 100 percent security then you may put in all the investments but you may never get there. You need to be a very cautious management and obey what exactly what is the threshold that would like to set for yourself as an institution and it’s the job of the Chief Information Security Officer to be able to explain and quantify that to the management.”
“Digitisation for me is more of an IT spend. Cybersecurity spends on the other side is securing your work environment and safeguarding your organisation. These are two different categories of spend. What I believe is, within the organisations and within the industry, on a short term, the IT spend has been minimized and we are trying to buffer up all our cybersecurity spend primarily because of the overnight work from home requirements etc. and we needed to secure our endpoints and last mile in terms of connectivity and the network,” said Ashton.
“So, on the short-term, the spend on IT and digitisation would be minimum and larger spend would be made on the cybersecurity front. As in, when we are securing ourselves, we would just be using small details on the cybersecurity side. We would then start looking at the strategic investments on the IT side. So, it’s a blend of both,” stated Ashton.
On the basis of the experts’ opinion, it can be said that cybersecurity demands across the BFSI sector are definitely on the rise due to the sudden digital boom induced by Covid-19, however, it is also significant to understand the new threats pertaining to border-related tension and state-sponsored attacks which are putting the safety of several leading organisations at risk.