Growing need for data security is spurring innovation
The need to keep data secure is growing in lockstep with the amount of data collected by institutions. This business necessity is a catalyst for innovation.
“Data is the new oil” is a claim that is frequently declared in the banking and insurance sectors. A few months ago, I had the opportunity to interview Jean-Marc Pailhol, Head of Global Strategic Partnerships at Allianz Group. He used that same comparison to highlight how important data is to insurers and how at their core, insurance companies are data companies. They are constantly using customer data to deliver more accurate, responsive, and curated offerings.
With an ever-increasing number of B2C and B2B transactions taking place digitally, banks and insurance companies are now in possession of vast troves of data. Entire banks now exist digitally. Insurtechs use focused data to deliver more targeted offerings for consumers. With the digital transformation of these industries showing no signs of slowing down, the amount of data collected and owned by institutions will continue to grow.
However, with all of this data, and its criticality to business success, comes new security threats. Just as an oil company hires security guards to protect their rigs and refineries from thieves, so do financial services companies need the right measures in place to protect their most valuable assets. This is no small task. It requires the right tools, processes, and regulatory framework to guarantee data safety.
The growing need for stringent security has spurred both the creation of new companies and new innovations at existing institutions. Enstream is a Canadian fintech that we recently profiled. They verify the identities of individuals seeking to open new accounts, authenticate devices, and provide alerts of suspicious activity directly to customers’ mobile phones. They leverage the fact that everyone now has a mobile device in their pocket to create, in real time, more secure transactions for customers, businesses, and the government.
Institutions can also follow a standard set of guidelines as they develop and finetune their cybersecurity strategies. Efma associate member Wavestone recently wrote an article for our site, outlining the steps involved in an effective cybersecurity evaluation:
1. Know the purpose and expectations of your evaluation
2. Find and mobilize the right people at the right level
3. Finding the right balance of technology
4. Reforming at the right level of the organization
While not entirely comprehensive, these steps serve as a good foundation for any institution that is undergoing an evaluation of their cybersecurity measures.
We also spoke with David Décary-Hétu, Chief Research Officer for Flare Systems, about the current cybersecurity landscape for banks. He said, “Banks are targeted on a daily basis as they hold sensitive information about potentially millions of customers. Fortunately, with the development of defense in depth, banks - and other large companies - now have a better chance at identifying data breaches before they happen and stopping them to limit the number of accounts affected.” Creating defense in depth should be a top priority for firms.
One method of defense that he is referring to has been developed in Brazil at Efma member Bradesco. They were named winners in February for Efma’s Banking Innovation of the Month for their “M-token” device reactivation tool. The M-Token, or Bradesco Security Key, is an app installed on the client's mobile device that generates random 6-number passwords. When a customer for any reason uninstalls the Bradesco app from their mobile phone and downloads it again, the app allows the customer to reactivate the security key on the same mobile phone. This type of tool is just one layer of the necessary security banks must employ in modern banking.
Ultimately, taking cybersecurity seriously is a core business issue in the 21st century. Data breaches can be incredibly costly, both in terms of dollars and reputation. It makes a lot more business sense to make the necessary upfront investment than to suffer the consequences further down the road. Conducting a thorough review, using the right tools, and putting in place rigorous processes are paramount to financial institutions maintaining the trust of all their stakeholders. Efma will continue to highlight the best practices and most innovative players in the cybersecurity space to ensure that your institution is able to protect the 21st century oil.