Vulnerabilities in banking systems are being exploited for personal gain, by cyber terrorists, and even in the name of state-supported cyber warfare. With stakeholders alert to the growing risks, the impact of digital breaches on banks’ reputations can be severe.
Financial institutions are among the top five sectors hit most frequently by the most brutal cyberattacks. The potential for high-impact, high-profit breaches of banking data is leading to increasingly sophisticated onslaughts. The internet is a battleground filled with those seeking to profit from disrupting banking operations. Cyberterrorism is proliferating, with some digital warfare even apparently state-sponsored.
IT disruption took the top spot in Risk.net’s 2021 global ranking of operational risks facing financial services. Data compromise came in second. In the wake of the coronavirus, remote working created greater exposure to cyberattacks, with ransomware targeting home workers. Meanwhile, VPN access by remote staff opened the door to bank data breaches, and the industry reported a sharp increase in phishing.
But it’s not only changes in the working landscape engendered by the pandemic making banks digitally vulnerable. Trends in Financial Services cybersecurity include rising costs of mega breaches, greater regulatory exposure, more class action litigation, and increasingly complex cyber claims.
The types of cyberattacks on banks include:
Both the risk and realization of these threats can damage banks’ reputations. With mainstream media reporting high-profile cyber failures, stakeholders are rating banks on their ability to avert or withstand cyber threats. Employees, customers, and shareholders are all heavily invested in the ability of financial institutions to deny data breaches. Consequently, content such as the January 2022 Which? Money Report on the cybersecurity of UK high street banks can cause reputational damage.
Highlighting the 97% increase in online banking fraud in early 2021, Which? experts identified deficiencies in specific banks’ front-end security. When the Which? Money Report was released, an analysis by Penta recorded a spike in the volume of wider reporting around banks’ cybersecurity.
Simultaneously, Penta’s proprietary stakeholder sentiment index picked up a significant dip in sentiment scores surrounding cybersecurity for many UK high street banks. The majority dropped to negative sentiment scores ranging from -64 to -66. Only Barclays, at -30, was relatively able to weather the impact of the report and recover more quickly. Barclays received fewer mentions than the average for all banks in negative reporting around cybersecurity in this period.
Cybersecurity in banking is also under heightened scrutiny from regulators, with continuous upgrades in data protection and privacy rules. These are accompanied by higher fines and regulatory costs – and the impact is not just financial. In the UK, banks must comply with multiple information security standards. Negative reporting around failure to comply damages corporate reputation. Compliance, by contrast, increases data breach resilience and therefore mitigates reputational risk.
For many years now, banks have developed cybersecurity strategies to protect their data, their systems, and their reputation. Platforms such as UK’s Cyber Security Information Sharing Partnership (CiSP) allow organizations to exchange cyber threat information in real-time, offering situational awareness in order to reduce risk. Its confidential nature reduces the reputational risk associated with publicly reporting cyberattacks.
A transparent cybersecurity plan represents a reputational opportunity for banks to demonstrate to stakeholders how critical digital protection is. Banks can also play a role in educating users and employees on how to avoid phishing and malware attacks, and counter the negative impact of cyber vulnerability.
Penta’s Reputation Intelligence solution is part of Penta’s Stakeholder Intelligence that enables corporates to make better decisions and connect better with their stakeholders. Click here to discover more.