Building a Cyber Resilient Financial Organisation

5/5 (4)

5/5 (4)

The Banking, Financial Services, and Insurance (BFSI) industry, known for its cautious stance on technology, is swiftly undergoing a transformational modernisation journey. Areas such as digital customer experiences, automated fraud detection, and real-time risk assessment are all part of a technology-led roadmap. This shift is transforming the cybersecurity stance of BFSI organisations, which have conventionally favoured centralising everything within a data centre behind a firewall. 

Ecosystm research finds that 75% of BFSI technology leaders believe that a data breach is inevitable. This requires taking a new cyber approach to detect threats early, reduce the impact of an attack, and avoid lateral movement across the network.  

BFSI organisations will boost investments in two main areas over the next year: updating infrastructure and software, and exploring innovative domains like digital workplaces and automation. Cybersecurity investments are crucial in both of these areas.

As a regulated industry, breaches come with significant cost implications, underscoring the need to prioritise cybersecurity. BFSI cybersecurity and risk teams need to constantly reassess their strategies for safeguarding data and fulfilling compliance obligations, as they explore ways to facilitate new services for customers, partners, and employees.  

The primary concerns of BFSI CISOs can be categorised into two distinct groups:

  1. Expanding Technology Use. This includes the proliferation of applications and devices, as well as data access beyond the network perimeter.
  2. Employee-Related Vulnerabilities. This involves responses to phishing and malware attempts, as well as intentional and unintentional misuse of technology.

Vulnerabilities Arising from Employee Actions

Security vulnerabilities arising from employee actions and unawareness represent a significant and ongoing concern for businesses of all sizes and industries – the risks are just much bigger for BFSI. These vulnerabilities can lead to data breaches, financial losses, damage to reputation, and legal ramifications. A multi-pronged approach is needed that combines technology, training, policies, and a culture of security consciousness. 

Training and Culture. BFSI organisations prioritise comprehensive training and awareness programs, educating employees about common threats like phishing and best practices for safeguarding sensitive data. While these programs are often ongoing and adaptable to new threats, they can sometimes become mere compliance checklists, raising questions about their true effectiveness. Conducting simulated phishing attacks and security quizzes to assess employee awareness and identify areas where further training is required, can be effective.  

To truly educate employees on risks, it’s essential to move beyond compliance and build a cybersecurity culture throughout the organisation. This can involve setting organisation-wide security KPIs that cascade from the CEO down to every employee, promoting accountability and transparency. Creating an environment where employees feel comfortable reporting security concerns is critical for early threat detection and mitigation. 

Policies. Clear security policies and enforcement are essential for ensuring that employees understand their roles within the broader security framework, including responsibilities on strong password use, secure data handling, and prompt incident reporting. Implementing the principle of least privilege, which restricts access based on specific roles, mitigates potential harm from insider threats and inadvertent data exposure. Policies should evolve through routine security audits, including technical assessments and evaluations of employee protocol adherence, which will help organisations with a swifter identification of vulnerabilities and to take the necessary corrective actions.  

However, despite the best efforts, breaches do happen – and this is where a well-defined incident response plan, that is regularly tested and updated, is crucial to minimise the damage. This requires every employee to know their roles and responsibilities during a security incident. 

Tech Expansion Leading to Cyber Complexity

Cloud. Initially hesitant to transition essential workloads to the cloud, the BFSI industry has experienced a shift in perspective due to the rise of inventive SaaS-based Fintech tools and hybrid cloud solutions, that have created new impetus for change. This new distributed architecture requires a fresh look at cyber measures. Secure Access Service Edge (SASE) providers are integrating a range of cloud-delivered safeguards, such as FWaaS, CASB, and ZTNA with SD-WAN to ensure organisations can securely access the cloud without compromising on performance.   

Data & AI. Data holds paramount importance in the BFSI industry for informed decision-making, personalised customer experiences, risk assessment, fraud prevention, and regulatory compliance. AI applications are being used to tailor products and services, optimise operational efficiency, and stay competitive in an evolving market. As part of their technology modernisation efforts, 47% of BFSI institutions are refining their data and AI strategies. They also acknowledge the challenges associated – and satisfying risk, regulatory, and compliance requirements is one of the biggest challenges facing BFSI organisations in the AI deployments.  

The rush to experiment with Generative AI and foundation models to assist customers and employees is only heightening these concerns. There is an urgent need for policies around the use of these emerging technologies. Initiatives such as the Monetary Authority of Singapore’s Veritas that aim to enable financial institutions to evaluate their AI and data analytics solutions against the principles of fairness, ethics, accountability, and transparency (FEAT) are expected to provide the much-needed guidance to the industry.  

Digital Workplace. As with other industries with a high percentage of knowledge workers, BFSI organisations are grappling with granting remote access to staff. Cloud-based collaboration and Fintech tools, BYOD policies, and sensitive data traversing home networks are all creating new challenges for cyber teams. Modern approaches, such as zero trust network access, privilege management, and network segmentation are necessary to ensure workers can seamlessly but securely perform their roles remotely.  

Looking Beyond Technology: Evaluating the Adequacy of Compliance-Centric Cyber Strategies

The BFSI industry stands among the most rigorously regulated industries, with scrutiny intensifying following every collapse or notable breach. Cyber and data protection teams shoulder the responsibility of understanding the implications of and adhering to emerging data protection regulations in areas such as GDPR, PCI-DSS, SOC 2, and PSD2. Automating compliance procedures emerges as a compelling solution to streamline processes, mitigate risks, and curtail expenses. Technologies such as robotic process automation (RPA), low-code development, and continuous compliance monitoring are gaining prominence.  

The adoption of AI to enhance security is still emerging but will accelerate rapidly. Ecosystm research shows that within the next two years, nearly 70% of BFSI organisations will have invested in SecOps. AI can help Security Operations Centres (SOCs) prioritise alerts and respond to threats faster than could be performed manually. Additionally, the expanding variety of network endpoints, including customer devices, ATMs, and tools used by frontline employees, can embrace AI-enhanced protection without introducing additional onboarding friction. 

However, there is a need for BFSI organisations to look beyond compliance checklists to a more holistic cyber approach that can prioritise cyber measures continually based on the risk to the organisations. And this is one of the biggest challenges that BFSI CISOs face. Ecosystm research finds that 72% of cyber and technology leaders in the industry feel that there is limited understanding of cyber risk and governance in their organisations.  

In fact, BFSI organisations must look at the interconnectedness of an intelligence-led and risk-based strategy. Thorough risk assessments let organisations prioritise vulnerability mitigation effectively. This targeted approach optimises security initiatives by focusing on high-risk areas, reducing security debt. To adapt to evolving threats, intelligence should inform risk assessment. Intelligence-led strategies empower cybersecurity leaders with real-time threat insights for proactive measures, actively tackling emerging threats and vulnerabilities – and definitely moving beyond compliance-focused strategies. 

The Resilient Enterprise
0
Building Synergy Between Policy & Technology​

5/5 (1)

5/5 (1)

Zurich will be the centre of attention for the Financial and Regulatory industries from June 26th to 28th as it hosts the second edition of the Point Zero Forum. Organised by Elevandi and the Swiss State Secretariat for International Finance, this event serves as a platform to encourage dialogue on policy and technology in Financial Services, with a particular emphasis on adopting transformative technologies and establishing the necessary governance and risk frameworks.

As a knowledge partner, Ecosystm is deeply involved in the Point Zero Forum. Throughout the event, we will actively engage in discussions and closely monitor three key areas: ESG, digital assets, and Responsible AI.

Read on to find out what our leaders — Amit Gupta (CEO, Ecosystm Group), Ullrich Loeffler (CEO and Co-Founder, Ecosystm), and Anubhav Nayyar (Chief Growth Advisor, Ecosystm) — say about why this will be core to building a sustainable and innovative future. 

Building-Synergy-Between-Policy-and-Technology-1
Building-Synergy-Between-Policy-and-Technology-2
Building-Synergy-Between-Policy-and-Technology-3
Building-Synergy-Between-Policy-and-Technology-4
Building-Synergy-Between-Policy-and-Technology-5
Building-Synergy-Between-Policy-and-Technology-6
Building-Synergy-Between-Policy-and-Technology-7
Building-Synergy-Between-Policy-and-Technology-8
Building-Synergy-Between-Policy-and-Technology-9
previous arrowprevious arrow
next arrownext arrow
Building-Synergy-Between-Policy-and-Technology-1
Building-Synergy-Between-Policy-and-Technology-2
Building-Synergy-Between-Policy-and-Technology-3
Building-Synergy-Between-Policy-and-Technology-4
Building-Synergy-Between-Policy-and-Technology-5
Building-Synergy-Between-Policy-and-Technology-6
Building-Synergy-Between-Policy-and-Technology-7
Building-Synergy-Between-Policy-and-Technology-8
Building-Synergy-Between-Policy-and-Technology-9
previous arrow
next arrow
Shadow

Download ‘Building Synergy Between Policy & Technology​’ as a PDF

Get your Free Copy
0
5 Actions to Achieve Your AI Ambitions​

5/5 (1)

The Evolution of Global Capability Centres in India

5/5 (4)

5/5 (4)

In this Insight, our guest author Anupam Verma talks about how the Global Capability Centres (GCCs) in India are poised to become Global Transformation Centres. “In the post-COVID world, industry boundaries are blurring, and business models are being transformed for the digital age. While traditional functions of GCCs will continue to be providing efficiencies, GCCs will be ‘Digital Transformation Centres’ for global businesses.”

Anupam Verma, Senior Leadership Team, ICICI Bank

India has a lot to offer to the world of technology and transformation. Attracted by the talent pool, enabling policies, digital infrastructure, and competitive cost structure, MNCs have long embraced India as a preferred destination for Global Capability Centres (GCCs). It has been reported that India has more than 1,700 GCCs with an estimated global market share of over 50%.

GCCs employ around 1 million Indian professionals and has an immense impact on the economy, contributing an estimated USD 30 billion. US MNCs have the largest presence in the market and the dominating industries are BSFI, Engineering & Manufacturing, Tech & Consulting.

GCC capabilities have always been evolving

The journey began with MNCs setting up captives for cost optimisation & operational excellence. GCCs started handling operations (such as back-office and business support functions), IT support (such as app development and maintenance, remote IT infrastructure, and help desk) and customer service contact centres for the parent organisation.

In the second phase, MNCs started leveraging GCCs as centers of excellence (CoE). The focus then was product innovation, Engineering Design & R&D. BFSI and Professional Services firms started expanding the scope to cover research, underwriting, and consulting etc. Some global MNCs that have large GCCs in India are Apple, Microsoft, Google, Nissan, Ford, Qualcomm, Cisco, Wells Fargo, Bank of America, Barclays, Standard Chartered, and KPMG.

In the post-COVID world, industry boundaries are blurring, and business models are being transformed for the digital age. While traditional functions of GCCs will continue to be providing efficiencies, GCCs will be “Digital Transformation Centres” for global businesses.

The New Age GCC in the post-COVID world

On one hand, the pandemic broke through cultural barriers that had prevented remote operations and work. The world became remote everything! On the other hand, it accelerated digital adoption in organisations. Businesses are re-imagining customer experiences and fast-tracking digital transformation enabled by technology (Figure 1). High digital adoption and rising customer expectations will also be a big catalyst for change.

Impact of COVID-19 on Digital Transformation

In last few years, India has seen a surge in talent pool in emerging technologies such as data analytics, experience design, AI/ML, robotic process automation, IoT, cloud, blockchain and cybersecurity. GCCs in India will leverage this talent pool and play a pivotal role in enabling digital transformation at a global scale. GCCs will have direct and significant impacts on global business performance and top line growth creating long-term stakeholder value – and not be only about cost optimisation.

GCCs in India will also play an important role in digitisation and automation of existing processes, risk management and fraud prevention using data analytics and managing new risks like cybersecurity.

More and more MNCs in traditional businesses will add GCCs in India over the next decade and the existing 1,700 plus GCCs will grow in scale and scope focussing on innovation. Shift of supply chains to India will also be supported by Engineering R & D Centres. GCCs passed the pandemic test with flying colours when an exceptionally large workforce transitioned to the Work from Home model. In a matter of weeks, the resilience, continuity, and efficiency of GCCs returned to pre-pandemic levels with a distributed and remote workforce.

A Final Take

Having said that, I believe the growth spurt in GCCs in India will come from new-age businesses. Consumer-facing platforms (eCommerce marketplaces, Healthtechs, Edtechs, and Fintechs) are creating digital native businesses. As of June 2021, there are more than 700 unicorns trying to solve different problems using technology and data. Currently, very few unicorns have GCCs in India (notable names being Uber, Grab, Gojek). However, this segment will be one of the biggest growth drivers.

Currently, only 10% of the GCCs in India are from Asia Pacific organisations. Some of the prominent names being Hitachi, Rakuten, Panasonic, Samsung, LG, and Foxconn. Asian MNCs have an opportunity to move fast and stay relevant. This segment is also expected to grow disproportionately.

New age GCCs in India have the potential to be the crown jewel for global MNCs. For India, this has a huge potential for job creation and development of Smart City ecosystems. In this decade, growth of GCCs will be one of the core pillars of India’s journey to a USD 5 trillion economy.

The views and opinions mentioned in the article are personal.
Anupam Verma is part of the Senior Leadership team at ICICI Bank and his responsibilities have included leading the Bank’s strategy in South East Asia to play a significant role in capturing Investment, NRI remittance, and trade flows between SEA and India.

More Insights to tech Buyer Guidance
1
Future of Talent – Key Dimensions

5/5 (2)

5/5 (2)

Organisations are finding that the ways to do work and conduct business are evolving rapidly. It is evident that we cannot use the perspectives from the past as a guide to the future. As a consequence both leaders and employees are discovering and adapting both their work and their expectations from it. In general, while job security concerns still command a big mindshare, the simpler productivity measures are evolving to more nuanced wellness measures. This puts demands on the CHRO and the leadership team to think about company, customer and people strategy as one holistic way of working and doing business.

Organisations will have to re-think their people and technology to evolve their Future of Work policies and strategise their Future of Talent. There are multiple dimensions that will require attention.

Hybrid is Becoming Mainstream  

It is clear that hybrid workplaces are here to stay. Ecosystm research finds that in 2021 BFSI organisations will use more collaboration tools and platforms, and virtual meetings (Figure 1). Nearly 40% expect more employees to work from home, but only about a quarter of organisations are looking to reduce their physical workspaces. Organisations will give more choice to employees in the location of their work – and employees will choose to work from where they are more productive. The Hybrid model will be more mainstream than it has been in the last few months.

Companies are coming to terms with the fact that there is no single answer to operating in the new world. Experimentation and learnings are continuously captured to create the right workforce and workplace model that works best. Agility both in terms of being able to undersand the market as well as quickly adapt is becoming quite important. Thus being able to use different models and ways of working at the same time is the new norm.

Technology and Talent are Core

Talent and tech are the two core pillars that companies need to look at to be successful against their competition. It is becoming imperative to create synergy between the two to deliver a superior value proposition to customers. Companies that are able to bring the customer and employee experience journeys together will be able to create better value. HR tech stacks need to evolve to be more deliberate in the way they link the employee experience, customer experience, and the culture of the organisation. That’s how the Employee Value Proposition (EVP) comes to life on a day-to-day basis to the employers. With evolving work models, the tech stack is a key EVP pillar.

Governments will also need to partner with industry to make such talent available. Singapore is rolling out a new “Tech.Pass” to support the entry of up to 500 proven founders, leaders and experts from top tech companies into Singapore. Its an extension of the Tech@SG program launched in 2019, to provide fast-growing companies greater assurance and access to the talent they need. The EDB will administer the pass, supported by the Ministry of Manpower.

Attracting the Right Talent

Talent has always been difficult to find. Even with globalisation, significant investment of time and resources is needed to find and relocate talent to the right geography. In many instances this was not possible given the preferences of the candidates and/or the hiring managers. COVID-19 has changed this drastically. Remote working and distributed teams have become acceptable. With limitations on immigration and travel for work, there is a lot more openness to finding and hiring talent from outside the traditional talent pool.

However it is not as simple as it seems. The cost per applicant (CPA) – the cost to convert a job seeker to a job applicant – had been averaging US$11-12 throughout 2019 according to recruiting benchmark data from programmatic recruitment advertising provider, Appcast. But, the impact of COVID-19 saw the CPA reach US$19 in June – a 60% increase. I expect that finding right talent is going to be a “needle in a haystack” issue. But this is only one side of the coin – the other aspect is that the talent profile needed to be successful in roles that are all remote or hybrid is also significantly different from what it was before. Companies need to pay special attention to what kind of people they would like to hire in these new roles. Without this due consideration it is very likely that there would be difficulty in on-boarding and making these new hires successful within the organisation.

Automation Augmentation and Skills

The pace at which companies are choosing to automate or apply AI is increasing. This is changing the work patterns and job requirements for many roles within the industry. According to the BCG China AI study on the financial sector 23% of the roles will be replaced by AI by 2027. The roles that will not be replaced will need a higher degree of soft skills, critical thinking and creativity. However, automation is not the endgame. Firms that go ahead with automation without considering the implications on the business process, and the skills and roles it impacts will end up disrupting the business and customer experience. Firms will have to really design their customer journeys, their business processes along with roles and capabilities needed. Job redesign and reskilling will be key to ensuring a great customer experience

Analytics is Inadequate Without the Right Culture

Data-driven decision-making as well as modelling is known to add value to business. We have great examples of analytics and data modelling being used successfully in Attrition, Recruitment, Talent Analytics, Engagement and Employee Experience. The next evolution is already underway with advanced analytics, sentiment analysis, organisation network analysis and natural language processing (NLP) being used to draw better insights and make people strategies predictive. Being able to use effective data models to predict and and draw insights will be a key success factor for leadership teams. Data and bots do not drive engagement and alignment to purpose – leaders do. Working to promote transparency of data insights and decisions, for faster response, to champion diversity, and give everyone a voice through inclusion will lead to better co-creation, faster innovation and an overall market agility.  

Creating a Synergy

We are seeing a number of resets to what we used to know, believe and think about the ways of working. It is a good time to rethink what we believe about the customer, business talent and tech. Just like customer experience is not just about good sales skills or customer service – the employee experience and role of Talent is also evolving rapidly. As companies experiment with work models, technology and work environment, there will a need to constantly recalibrate business models, job roles, job technology and skills. With this will come the challenge of melding the pieces together within the context of the entire business without falling into the trap of siloed thinking. Only by bringing together businesses processes, talent, capability evolution, culture and digital platforms together as one coherent ecosystem can firms create a winning formula to create a competitive edge.


Singapore FinTech Festival 2020: Talent Summit

For more insights, attend the Singapore FinTech Festival 2020: Infrastructure Summit which will cover topics on Founders success and failure stories, pandemic impact on founders and talent development, upskilling and reskilling for the future of work.

Get Access
2