How cybersecurity flaws impact the reputation of UK retail banks
Vulnerabilities in banking systems are being exploited for personal gain, by cyber terrorists, and even in the name of state-supported cyber warfare. With stakeholders alert to the growing risks, the impact of digital breaches on banks’ reputations can be severe.
Changing threats: cybersecurity in banking
Financial institutions are among the top five sectors hit most frequently by the most brutal cyberattacks. The potential for high-impact, high-profit breaches of banking data is leading to increasingly sophisticated onslaughts. The internet is a battleground for those seeking to profit from disrupting banking operations. Cyber terrorism is proliferating, with some digital warfare even apparently state sponsored.
IT disruption took the top spot in Risk.net’s 2021 global ranking of operational risks facing financial services. Data compromise came in second. In the wake of coronavirus, remote working created greater exposure to cyberattacks, with ransomware targeting home workers. Meanwhile, VPN access by remote staff opened the door to bank data breaches, and the industry reported a sharp increase in phishing.
But it’s not just changes in the working landscape engendered by the pandemic that are making banks digitally vulnerable. Trends in financial services cybersecurity include rising costs of mega breaches, greater regulatory exposure, more class action litigation and increasingly complex cyber claims.
Digital vulnerabilities in the banking system
The types of cyberattacks on banks include:
- Unencrypted data: Any unencrypted information lifted by hackers can immediately be employed to exploit customers or damage banking operations. Unencrypted internal data can also be manipulated, inserting errors into banking systems.
- Authentication: Texts and emails verifying customers are vulnerable to hijacking. Lack of complexity around password creation also increases cyber risk.
- Online banking security: Balancing robust security with a user-friendly experience that doesn’t block genuine customers is an ongoing challenge.
- Malware: With customers and employees using external devices to access banking systems, malware has multiple opportunities to spread from compromised hardware.
- Phishing: As phishing becomes more sophisticated, banks need to block fake emails and texts, and alert email service providers. Relying on customers to recognise phishing attacks is insufficient.
- Third parties: Suppliers connecting to banks’ systems represent a potential weak point in their defences. Hackers are increasingly targeting banking data shared with third parties.
Reputational impact of banks’ cybersecurity flaws
Both the risk and realisation of these threats can damage banks’ reputations. With mainstream media reporting high-profile cyber failures, stakeholders are rating banks on their ability to avert or withstand cyber threats. Employees, customers and shareholders are all heavily invested in the ability of financial institutions to deny data breaches. Consequently, content such as the January 2022 Which? Money report into the cybersecurity of UK high street banks can cause reputational damage.
Highlighting the 97% increase in online banking fraud in early 2021, Which? experts identified deficiencies in specific banks’ front-end security. When the Which? Money report was released, analysis by alva recorded a spike in the volume of wider reporting around banks’ cybersecurity.
Simultaneously, alva’s proprietary stakeholder sentiment index picked up a significant dip in sentiment scores surrounding cybersecurity for many UK high street banks. The majority dropped to negative sentiment scores ranging from -64 to -66. Only Barclays, at -30, was able, relatively, to weather the impact of the report and recover more quickly. Barclays received fewer mentions than the average for all banks in negative reporting around cybersecurity in this period.
Neutralising risks, expanding opportunities
Cybersecurity in banking is also under heightened scrutiny from regulators, with continuous upgrades in data protection and privacy rules. These are accompanied by higher fines and regulatory costs – and the impact is not just financial. In the UK, banks must comply with multiple information security standards. Negative reporting around failure to comply damages corporate reputation. Compliance, by contrast, increases data breach resilience and therefore mitigates reputational risk.
For many years now, banks have developed cybersecurity strategies to protect their data, their systems, and their reputation. Platforms such as the UK’s Cyber Security Information Sharing Partnership (CiSP) allow organisations to exchange cyber threat information in real time, offering situational awareness in order to reduce risk. Its confidential nature reduces the reputational risk associated with publicly reporting cyberattacks.
A transparent cybersecurity plan represents a reputational opportunity for banks to demonstrate to stakeholders how critical digital protection is. Banks can also play a role in educating users and employees on how to avoid phishing and malware attacks, and counter the negative impact of cyber vulnerability.
alva’s Reputation Intelligence solution is part of alva’s Stakeholder Intelligence, which enables corporates to make better decisions and connect better with their stakeholders.