
Retaining customers in the face of surging cybercrime and scams


The very nature of cybercrime - criminal activities carried out by means of computers or the internet - makes financial institutions a prime target. 

Banks have become attractive prey for a litany of attacks, including ransomware, due to the vast quantities of critical value data (CVD) relating to their customers and employees.

According to research from the Boston Consulting Group, banking and financial institutions are 300 times more likely to be at risk of a cyberattack than other companies, which underscores the importance of prioritizing a strategy that combats the risks to modern banking and finance.

According to industry lobby group UK Finance, £753.9 million was stolen by fraudsters in the first six months of 2021 - a 30 percent increase on 2020. Luckily, defensive measures by banks were able to prevent another £736 million from being lost to cyber fraud, but the critical risk posed by cybercrime to the banking industry cannot be overstated. 

How is this impacting banks specifically?

A study of 1,508 UK banking customers conducted by Nuix and commissioned by Censuswide has shown a rise in the mishandling of banking customer complaints, resulting in customers leaving their bank for alternatives. The survey revealed that over 1 in 5 (21 percent) said bank fraud was the main reason for their complaint, further highlighting the severity of this issue.

More broadly, Covid-19 fraud is a huge issue. Covid-19 has had a significant impact: with the majority of employees working remotely, it has changed how we work and the systems we use.

For a couple of decades, advances in technology have been preparing the perfect environment for cybercrime to flourish, but the global pandemic has accelerated the potential damage to the financial sector. The very simple fact that we are now using online payment methods in lieu of cash alternatives on a frequent basis has provided cybercriminals with more avenues to execute their attacks. The vast growth of the e-commerce sector has also created new opportunities for both consumers and cybercriminals. As with all tech-related consequences, in the wrong hands this opening up of the digital space has also led to an ongoing rise in compromised data and stolen money.

Unfortunately for the banking and financial services industry, the shift to remote working during the pandemic meant that attackers were well-positioned to take advantage of those businesses that had failed to put appropriate security controls in place. More generally, it’s likely that many businesses were simply not prepared for the additional administrative burden that the migration to an entirely remote workforce would bring.

Cybercrime is one of the stealthiest forms of crime we know, and it’s worth noting that cybercriminals are unlikely to attack a company’s systems conspicuously or via the proverbial unlocked window. One of the easiest and most effective attacks used globally is business email compromise (BEC). In this instance, all it takes is a single respondent to issue a payment and grant the intruders access to the corporate network.

The obvious takeaway here is that banks must improve their cybersecurity measures to ensure that their digital systems are not vulnerable to attacks, as cybercriminals become ever more sophisticated. 

How can banks protect themselves?

So, how can banks ensure they don’t succumb to cyberattacks? The first step is acknowledgment. Banks and their leaders must take cybercrime seriously. This means not only that cybersecurity is woven into the fabric of everything they do as an organization, but also that training, risk assessment, and incident responses are devised for the company and for the whole supply chain.

Understanding the enemy is also key, as is treating the defense with the same rigor and determination with which the criminals approach the attack. Ransomware, for instance, has now become a ‘service offering’, enabling even less technically savvy criminals to launch widespread attacks. Understanding the scale and nature of the threat is crucial.

A behavioral change in attitudes needs to start at board level, where security should be a top priority, making sure that firms plan for suitable technology, security training, and threat exercises. A lot of inspiration and strategy has been drawn from military categorizations of combat readiness (train as you fight), such as red teaming and purple teaming to see how defenses hold up. Actively seeking out threats and weaknesses, rather than reacting after the event, is an important difference that will determine those who become victims and those who don’t: a proactive rather than reactive approach.

Nor is it only IT and board-level staff who should be trained in defending against cybercrime and identifying weaknesses. A joined-up, team approach is critical as the digital space continues to move with speed. Studying your firm’s databases and internal systems will give better oversight. Knowledge is power. It’s paramount for organizations to educate every employee, partner, client, and customer on the dangers of cyber threats. Employees need to be aware of basic security measures that must be practiced when handling banking processes, be it online or through traditional means. It should not end there.

For businesses to protect themselves robustly, they must invest now. Businesses cannot afford not to act - failing to do so will lose them customers and bring other spiraling related costs. With the benefit of hindsight, it’s a no-brainer. That interest will manifest itself in the loss of customer confidence, loss of market share, regulatory fines, and potentially class action or shareholder derivative lawsuits.

While having the right processes, professionals and educational plans in place is important in the ongoing cybersecurity battle, banks need to have a strong digital foundation in order to protect themselves and their customers. It’s a question of protecting their customers every step of the way, and this involves some self-reflection and looking at your own company’s internal infrastructure.

While banks can certainly build their own defensive platforms, FinTechs have become a viable—and fast—option for banks looking to embrace digital and elevate their fraud and verification capabilities.

The risk of a bank failure from a major cyberattack is not an exaggeration. But, just as digital innovation has opened this Pandora’s box of malicious activity, so too can it provide a solid defense when coupled with a strategic and well-informed approach to banking and serving customers safely in the digital age.

Andy Edler, Head of Corporate EMEA, Nuix

Andy Edler is Head of Corporate EMEA at Nuix, a global strategic software company. The company aims to find truth in a digital world.