What Does Cybersecurity Mean for Today’s Financial Institutions — and For You?
When it comes to assessing trends in the broader financial services industry that carry meaningful and practical implications for their work, it is increasingly clear that credit managers and collections professionals cannot ignore the issue of data security.
Today’s financial institutions are facing a multifaceted and constantly evolving cybersecurity landscape. They are responding to new regulatory requirements and accelerating developments such as the adoption of digital currency, while concurrently managing the ongoing responsibility to keep their customers’ data secure.
The cost of inaction
Financial institutions and professionals ignore data security matters at their own peril. The average total cost of a data breach rose from $3.86 million to $4.24 million from 2020 to 2021 — nearly a 10-percent increase — according to IBM’s annual Cost of a Data Breach Report. The study, which analyzed 537 breaches across 17 countries and regions as well as 17 different industries, found that organizations with fully deployed security AI (artificial intelligence) and automation experienced costs of $2.9 million per breach, as opposed to $6.71 million per breach for organizations that did not implement those measures, a difference of 80 percent.
In other key findings, the report revealed that each breach took an average of 287 days to identify and contain. The average cost per breach was $1.07 million higher when remote work played a role in causing the incident, amplifying the significance of this challenge during the COVID-19 era. Customer personally identifiable information was involved in 44 percent of breaches, making it the most common form of record lost, with an average cost of $180 per lost or stolen record.
A new environment
Taking cybersecurity seriously is no longer even a choice for financial institutions. New regulatory measures introduced this past November require banks to report any major cybersecurity incident to the government within 36 hours of discovery.
The banking sector is taking a proactive approach to the new landscape, including by recently conducting a cross-industry cyber security drill that sought to improve Wall Street’s knowledge in the area of responding to ransomware attacks and other episodes that could disrupt the delivery of financial services.
The rise of digital currency, meanwhile, is also shaping the new security environment for financial institutions. What happens when banks are dealing with money that they cannot see, touch, or feel? They stand at increased risk of credential theft and loss, counterfeiting, and compromised data encryption resulting from quantum computing. With more than 80 countries launching some form of initiative related to central bank digital currencies, there is also a growing concern that officials such as central bank or government insiders, law enforcement and others may abuse privileges that enable them to take actions like freezing or withdrawing funds, according to the World Economic Forum.
How to respond
Even in more “normal” times, financial institutions have a proven track record of taking a variety of steps to ensure the security of their customers’ data. These best practices include, but are not limited to, anti-virus and anti-malware protection, firewalls, transport layer security (TLS) encryption, two-factor authentication for account login, credential confidentiality, automatic logout from websites and apps, fraud monitoring for accounts, and more.
The banking sector, in particular, is known as a pioneer in the cybersecurity space — so much so that there is a concept known as “bank-grade security.” In essence, institutions across the financial services world and other sectors, as well as individuals on a personal finance level, can rest easier if they adhere to the same security standards as banks.
Depending on your industry, a deeper understanding of cybersecurity trends can also influence your approach to different work scenarios. For instance, a debt collector should consider asking: Does the collection that I am pursuing involve a debtor who recently experience financial loss due to a data breach, thereby affecting their ability to pay? In the same scenario, a credit manager should ask: How does the data breach experienced by the customer affect my decision-making process on their credit rating, compliance, and enforcement? In both instances, might the customer deserve a longer grace period because the breach was beyond their control? And what would be the reputational cost for a debt collection or credit management agency that chooses to ignore the circumstances of a data breach when making these judgment calls?
In regard to the work of credit managers, upholding a high standard of confidentiality is of paramount importance. Credit managers typically handle confidential information, especially when they are dealing with credit cards. It is therefore incumbent upon them to ensure that the information they are handling is secure — for instance, they should avoid writing down credit card information, sending and receiving emails containing a credit card number, or sending and receiving text messages with such information.
Maintaining confidentiality also means that credit managers should not discuss any customer-related information outside of the workplace, or even within the workplace but outside the context of their interactions with that particular customer, unless it is entirely necessary for a supervisor or other colleague to get involved in the process in order to complete the task at hand.
Credit managers can also help ensure data security by using the most secure platforms possible across their modes of communication. For example, data privacy concerns have spurred what has now been a year-long push for mobile users to move their encrypted messaging from Facebook-owned WhatsApp to Signal. After all, you never know when your text message might fall into the wrong hands.
The bottom line
As technology and its associated challenges shift not only by the day but essentially by the minute, we cannot definitively know what to expect for 2022 in the realm of cybersecurity in the financial services industry. Nevertheless, today’s financial institutions and professionals have not only the opportunity, but the responsibility, to meet the requirements of an increasingly sensitive data security landscape by committing to continuously implementing their existing procedures, brainstorming new practices, monitoring trends and assessing their impact, and following through on new industry regulations.
In other words, as a credit manager or collections professional, you have some homework to do: Catch up on the latest data security trends, incorporate that knowledge into the way you do business, and be prepared to continue adjusting on the fly.
