Do you believe in the cybersecurity of your bank?
And do banks believe in their own cybersecurity?
The quick answers are: yes we do-and no they don’t.
To focus on the positives to kick off: banks enjoy a far higher level of trust from Jo Public in the cybersecurity of their systems at 83% than any other sector.
E-commerce firms have a miserable 28% of consumer trust but not as dire as telcos and retailers who limp in with 13%.
The figures by the by come courtesy of a report out today from CamGemini.
But back at the banks: only one in five (21%) bank executives are highly confident in their ability to detect a breach, let alone defend against it.
Not a mis-print-a mere 21%.
It is a stunning gap. Nor was the survey a snapshot of opinion in one market with a modest sample. CapGemini spoke with 7,600 consumers across eight major markets (France, Germany, India, the Netherlands, Spain, Sweden, the UK and US).
It gets worse: while one in four financial institutions reported to having been victim of a hack, only 3% of consumers believe their own bank has ever been breached.
A less surprising snippet from the report is the finding that three quarters of consumers (74%) would switch their provider in the event of a data breach.
So what to do? Legislation comes into effect in May 2018 that will force organisations to disclose data breaches within 72 hours or face large penalties. Though an EU law, the Regulation will applies to firms (whether EU based nor not) that process personal data of European citizens, and is expected to affect banks and insurers in the US, UK and Asia.
You can write the hysterical Daily Mail headlines now, in the event of a bank falling foul of the legislation.
With security concerns still deterring almost one half of consumers in many markets from using digital channels, there is no scope here for false economies or corner cutting.
So the next Digital Banking Club debate- a reminder of the motion: This house believes the password will never be replaced by your body –’becomes even more intriguing.
At the risk of stating the obvious, the old fashioned notion of user name ID and a password is not the ideal method of establishing identity.
If banks could make just one change – utilise best practice in authentication – that would be one small step in the right direction.