1. Newsroom
  2. Cyberprotection: new criterion when choosing a private bank?
UBP in the press 08.10.2019

Cyberprotection: new criterion when choosing a private bank?

Cyberprotection: new criterion when choosing a private bank?

Le Temps (07.10.2019) - Private banking can never rest, and its latest challenge is to combat cybercrime.

After working hard to adapt to changes in private banking over the last 15 years – the disappearance of banking secrecy, the regulatory big bang, the introduction of Automatic Exchange of Information rules – it finally seemed that the industry could look ahead with confidence, focusing on development and digitalisation.

However, like Sisyphus, the industry can never rest, and its latest challenge is to combat cybercrime.

In fact, the challenge is not new at all, and is not confined to banking. However, it is growing all the time. In the last few years, cybersecurity has been the main concern of financial institutions’ Chief Operating Officers. According to an industry joke, there are only two categories of banks: those that have been attacked and those that haven’t yet realised they’ve been attacked.

Cybercrime, whether its aim is to misappropriate money or ruin reputations, poses considerable risks for all types of companies. But the threat is being taken particularly seriously by banks, whose business relies entirely on trust. When Tesco Bank was attacked in 2016, 40,000 accounts were compromised and half had money stolen from them. This resulted in the UK’s Financial Conduct Authority fining the bank £16.4 million for “failing to protect customers”. Since that first large-scale attack, the list of banks affected in Europe has grown to include Santander, Royal Bank of Scotland, Barclays, UniCredit, Bank of Valletta and Metro Bank.

Justified paranoia

The banking industry has entered an era of paranoia, with some justification. Web hackers have much more time and resources than their potential victims, however determined those victims might be to protect their IT systems. On the dark web, cybercrime has become an industry in its own right, with price lists, service providers and sponsors. This can be seen in the way attacks have grown in both number and sophistication. According to Forbes, in just the first half of 2019, 3,800 security breaches were made public, in which the security of 4.1 billion records was compromised.

This is the downside of the ever-more connected world that we have created. The number of potential pitfalls is increasing as technological innovation makes everything more interconnected. In the banking industry, in particular, it should not be surprising that clients want the immediacy, simplicity and efficiency now being made possible by electronic services. Yet the e-banking apps giving them that connection have themselves become a weak link in the system. Well-designed e-banking tools provide solid protection. But hackers will take advantage of any small crack, such as a delay in installing an update, to infiltrate devices.

Banks are spending increasing amounts of money to combat this multifaceted threat. They are customers of a rapidly growing cyber-resilience industry. As well as established software makers, we have seen a proliferation of new service providers, such as cyber-rating agencies that assess a company’s cyber risk on the basis of public traffic data. The resulting ratings are updated daily, forcing companies to make ongoing efforts to maintain a good score. At the moment, these cyber ratings are only accessible to institutional investors. But there is every chance that they will eventually be available to all, and will become a key criterion, like solvency indicators, that private clients take into account when selecting a bank. In the same way as banks must now provide practical evidence of their commitment to responsible investment in order to stand out, they will in future have to show objectively that they are making constant efforts to protect their own data and those of their clients. For the best banks, their cyber ratings will become a marketing tool.

Virtual Vault

Even then, to turn cybersecurity into a positive selling point, banks will have to raise awareness on an ongoing basis, both internally and externally. They must use their relationship managers’ close links with clients to make sure they are fully informed, particularly when setting up e-banking. After all, in a previous era, clients used to ask how secure a bank’s vault was. Today, therefore, it is natural that a bank should take the time to raise clients’ awareness of cyberprotection matters. Internally, as well as the need to ensure that their staff can be relied upon in order to minimise human risks, banks must raise awareness through information sessions, make regular assessments of how employees respond to “phishing” attacks (attempts to gain access to sensitive data through work e-mails), carry out penetration tests and simulate cyberattacks.

Today’s COOs are caught up in a number of technological revolutions, and most of them would admit that they need to remain humble in their efforts to combat cybercrime: no matter how effective the defences they build, it is impossible to eradicate all risk. But they also know that they cannot let down their guard when dealing with such a major challenge.

Discover our expertise

Ian Cramb
Chief Operating Officer


Global equities

Invest in companies with superior and sustainable value creation.

Further reading

UBP in the press 04.07.2024

Things are looking up for hedge funds

Allnews, Nicolette de Joncaire (11.06.2024) - Since 2022, certain strategies have been putting in solid performances and their outlooks are excellent. We talk to UBP’s Kier Boley.

UBP in the press 21.06.2024

How UBP brings in-house expertise to private market offerings

Asian Private Banker (28.05.2024) - With a rise in popularity of alternative investments in recent years, UBP is tapping the private market space with a mixture of specialist in-house expertise and a highly selective approach to third-party manager solutions.

UBP in the press 14.06.2024

UBP's Strategic Vision of Pure-Play Private Banking in Southeast Asia

Hubbis (05.06.2024) - Hubbis met with Eric Morin recently to learn more about UBP’s current momentum in Southeast Asia, the bank’s key focus areas, his strategic priorities, and his vision for the future of private banking in the region.