The Banking, Financial Services, and Insurance (BFSI) industry, known for its cautious stance on technology, is swiftly undergoing a transformational modernisation journey. Areas such as digital customer experiences, automated fraud detection, and real-time risk assessment are all part of a technology-led roadmap. This shift is transforming the cybersecurity stance of BFSI organisations, which have conventionally favoured centralising everything within a data centre behind a firewall.
Ecosystm research finds that 75% of BFSI technology leaders believe that a data breach is inevitable. This requires taking a new cyber approach to detect threats early, reduce the impact of an attack, and avoid lateral movement across the network.
BFSI organisations will boost investments in two main areas over the next year: updating infrastructure and software, and exploring innovative domains like digital workplaces and automation. Cybersecurity investments are crucial in both of these areas.
As a regulated industry, breaches come with significant cost implications, underscoring the need to prioritise cybersecurity. BFSI cybersecurity and risk teams need to constantly reassess their strategies for safeguarding data and fulfilling compliance obligations, as they explore ways to facilitate new services for customers, partners, and employees.
The primary concerns of BFSI CISOs can be categorised into two distinct groups:
- Expanding Technology Use. This includes the proliferation of applications and devices, as well as data access beyond the network perimeter.
- Employee-Related Vulnerabilities. This involves responses to phishing and malware attempts, as well as intentional and unintentional misuse of technology.
Vulnerabilities Arising from Employee Actions
Security vulnerabilities arising from employee actions and unawareness represent a significant and ongoing concern for businesses of all sizes and industries – the risks are just much bigger for BFSI. These vulnerabilities can lead to data breaches, financial losses, damage to reputation, and legal ramifications. A multi-pronged approach is needed that combines technology, training, policies, and a culture of security consciousness.
Training and Culture. BFSI organisations prioritise comprehensive training and awareness programs, educating employees about common threats like phishing and best practices for safeguarding sensitive data. While these programs are often ongoing and adaptable to new threats, they can sometimes become mere compliance checklists, raising questions about their true effectiveness. Conducting simulated phishing attacks and security quizzes to assess employee awareness and identify areas where further training is required, can be effective.
To truly educate employees on risks, it’s essential to move beyond compliance and build a cybersecurity culture throughout the organisation. This can involve setting organisation-wide security KPIs that cascade from the CEO down to every employee, promoting accountability and transparency. Creating an environment where employees feel comfortable reporting security concerns is critical for early threat detection and mitigation.
Policies. Clear security policies and enforcement are essential for ensuring that employees understand their roles within the broader security framework, including responsibilities on strong password use, secure data handling, and prompt incident reporting. Implementing the principle of least privilege, which restricts access based on specific roles, mitigates potential harm from insider threats and inadvertent data exposure. Policies should evolve through routine security audits, including technical assessments and evaluations of employee protocol adherence, which will help organisations with a swifter identification of vulnerabilities and to take the necessary corrective actions.
However, despite the best efforts, breaches do happen – and this is where a well-defined incident response plan, that is regularly tested and updated, is crucial to minimise the damage. This requires every employee to know their roles and responsibilities during a security incident.
Tech Expansion Leading to Cyber Complexity
Cloud. Initially hesitant to transition essential workloads to the cloud, the BFSI industry has experienced a shift in perspective due to the rise of inventive SaaS-based Fintech tools and hybrid cloud solutions, that have created new impetus for change. This new distributed architecture requires a fresh look at cyber measures. Secure Access Service Edge (SASE) providers are integrating a range of cloud-delivered safeguards, such as FWaaS, CASB, and ZTNA with SD-WAN to ensure organisations can securely access the cloud without compromising on performance.
Data & AI. Data holds paramount importance in the BFSI industry for informed decision-making, personalised customer experiences, risk assessment, fraud prevention, and regulatory compliance. AI applications are being used to tailor products and services, optimise operational efficiency, and stay competitive in an evolving market. As part of their technology modernisation efforts, 47% of BFSI institutions are refining their data and AI strategies. They also acknowledge the challenges associated – and satisfying risk, regulatory, and compliance requirements is one of the biggest challenges facing BFSI organisations in the AI deployments.
The rush to experiment with Generative AI and foundation models to assist customers and employees is only heightening these concerns. There is an urgent need for policies around the use of these emerging technologies. Initiatives such as the Monetary Authority of Singapore’s Veritas that aim to enable financial institutions to evaluate their AI and data analytics solutions against the principles of fairness, ethics, accountability, and transparency (FEAT) are expected to provide the much-needed guidance to the industry.
Digital Workplace. As with other industries with a high percentage of knowledge workers, BFSI organisations are grappling with granting remote access to staff. Cloud-based collaboration and Fintech tools, BYOD policies, and sensitive data traversing home networks are all creating new challenges for cyber teams. Modern approaches, such as zero trust network access, privilege management, and network segmentation are necessary to ensure workers can seamlessly but securely perform their roles remotely.
Looking Beyond Technology: Evaluating the Adequacy of Compliance-Centric Cyber Strategies
The BFSI industry stands among the most rigorously regulated industries, with scrutiny intensifying following every collapse or notable breach. Cyber and data protection teams shoulder the responsibility of understanding the implications of and adhering to emerging data protection regulations in areas such as GDPR, PCI-DSS, SOC 2, and PSD2. Automating compliance procedures emerges as a compelling solution to streamline processes, mitigate risks, and curtail expenses. Technologies such as robotic process automation (RPA), low-code development, and continuous compliance monitoring are gaining prominence.
The adoption of AI to enhance security is still emerging but will accelerate rapidly. Ecosystm research shows that within the next two years, nearly 70% of BFSI organisations will have invested in SecOps. AI can help Security Operations Centres (SOCs) prioritise alerts and respond to threats faster than could be performed manually. Additionally, the expanding variety of network endpoints, including customer devices, ATMs, and tools used by frontline employees, can embrace AI-enhanced protection without introducing additional onboarding friction.
However, there is a need for BFSI organisations to look beyond compliance checklists to a more holistic cyber approach that can prioritise cyber measures continually based on the risk to the organisations. And this is one of the biggest challenges that BFSI CISOs face. Ecosystm research finds that 72% of cyber and technology leaders in the industry feel that there is limited understanding of cyber risk and governance in their organisations.
In fact, BFSI organisations must look at the interconnectedness of an intelligence-led and risk-based strategy. Thorough risk assessments let organisations prioritise vulnerability mitigation effectively. This targeted approach optimises security initiatives by focusing on high-risk areas, reducing security debt. To adapt to evolving threats, intelligence should inform risk assessment. Intelligence-led strategies empower cybersecurity leaders with real-time threat insights for proactive measures, actively tackling emerging threats and vulnerabilities – and definitely moving beyond compliance-focused strategies.
While there has been much speculation about AI being a potential negative force on humanity, what we do know today is that the accelerated use of AI WILL mean an accelerated use of energy. And if that energy source is not renewable, AI will have a meaningful negative impact on CO2 emissions and will accelerate climate change. Even if the energy is renewable, GPUs and CPUs generate significant heat – and if that heat is not captured and used effectively then it too will have a negative impact on warming local environments near data centres.
Balancing Speed and Energy Efficiency
While GPUs use significantly more energy than CPUs, they run many AI algorithms faster than CPUs – so use less energy overall. But the process needs to run – and these are additional processes. Data needs to be discovered, moved, stored, analysed, cleansed. In many cases, algorithms need to be recreated, tweaked and improved. And then that algorithm itself will kick off new digital processes that are often more processor and energy-intensive – as now organisations might have a unique process for every customer or many customer groups, requiring more decisioning and hence more digitally intensive.
The GPUs, servers, storage, cabling, cooling systems, racks, and buildings have to be constructed – often built from raw materials – and these raw materials need to be mined, transported and transformed. With the use of AI exploding at the moment, so is the demand for AI infrastructure – all of which has an impact on the resources of the planet and ultimately on climate change.
Sustainable Sourcing
Some organisations understand this already and are beginning to use sustainable sourcing for their technology services. However, it is not a top priority with Ecosystm research showing only 15% of organisations focus on sustainable procurement.
Technology Providers Can Help
Leading technology providers are introducing initiatives that make it easier for organisations to procure sustainable IT solutions. The recently announced HPE GreenLake for Large Language Models will be based in a data centre built and run by Qscale in Canada that is not only sustainably built and sourced, but sits on a grid supplying 99.5% renewable electricity – and waste (warm) air from the data centre and cooling systems is funneled to nearby greenhouses that grow berries. I find the concept remarkable and this is one of the most impressive sustainable data centre stories to date.
The focus on sustainability needs to be universal – across all cloud and AI providers. AI usage IS exploding – and we are just at the tip of the iceberg today. It will continue to grow as it becomes easier to use and deploy, more readily available, and more relevant across all industries and organisations. But we are at a stage of climate warming where we cannot increase our greenhouse gas emissions – and offsetting these emissions just passes the buck.
We need more companies like HPE and Qscale to build this Sustainable Future – and we need to be thinking the same way in our own data centres and putting pressure on our own AI and overall technology value chain to think more sustainably and act in the interests of the planet and future generations. Cloud providers – like AWS – are committed to the NetZero goal (by 2040 in their case) – but this is meaningless if our requirement for computing capacity increases a hundred-fold in that period. Our businesses and our tech partners need to act today. It is time for organisations to demand it from their tech providers to influence change in the industry.
All growth must end eventually. But it is a brave person who will predict the end of growth for the public cloud hyperscalers. The hyperscaler cloud revenues have been growing at between 25-60% the past few years (off very different bases – and often including and counting different revenue streams). Even the current softening of economic spend we are seeing across many economies is only causing a slight slowdown.
Looking forward, we expect growth in public cloud infrastructure and platform spend to continue to decline in 2024, but to accelerate in 2025 and 2026 as businesses take advantage of new cloud services and capabilities. However, the sheer size of the market means that we will see slower growth going forward – but we forecast 2026 to see the highest revenue growth of any year since public cloud services were founded.
The factors driving this growth include:
- Acceleration of digital intensity. As countries come out of their economic slowdowns and economic activity increases, so too will digital activity. And greater volumes of digital activity will require an increase in the capacity of cloud environments on which the applications and processes are hosted.
- Increased use of AI services. Businesses and AI service providers will need access to GPUs – and eventually, specialised AI chipsets – which will see cloud bills increase significantly. The extra data storage to drive the algorithms – and the increase in CPU required to deliver customised or personalised experiences that these algorithms will direct will also drive increased cloud usage.
- Further movement of applications from on-premises to cloud. Many organisations – particularly those in the Asia Pacific region – still have the majority of their applications and tech systems sitting in data centre environments. Over the next few years, more of these applications will move to hyperscalers.
- Edge applications moving to the cloud. As the public cloud giants improve their edge computing capabilities – in partnership with hardware providers, telcos, and a broader expansion of their own networks – there will be greater opportunity to move edge applications to public cloud environments.
- Increasing number of ISVs hosting on these platforms. The move from on-premise to cloud will drive some growth in hyperscaler revenues and activities – but the ISVs born in the cloud will also drive significant growth. SaaS and PaaS are typically seeing growth above the rates of IaaS – but are also drivers of the growth of cloud infrastructure services.
- Improving cloud marketplaces. Continuing on the topic of ISV partners, as the cloud hyperscalers make it easier and faster to find, buy, and integrate new services from their cloud marketplace, the adoption of cloud infrastructure services will continue to grow.
- New cloud services. No one has a crystal ball, and few people know what is being developed by Microsoft, AWS, Google, and the other cloud providers. New services will exist in the next few years that aren’t even being considered today. Perhaps Quantum Computing will start to see real business adoption? But these new services will help to drive growth – even if “legacy” cloud service adoption slows down or services are retired.
Hybrid Cloud Will Play an Important Role for Many Businesses
Growth in hyperscalers doesn’t mean that the hybrid cloud will disappear. Many organisations will hit a natural “ceiling” for their public cloud services. Regulations, proximity, cost, volumes of data, and “gravity” will see some applications remain in data centres. However, businesses will want to manage, secure, transform, and modernise these applications at the same rate and use the same tools as their public cloud environments. Therefore, hybrid and private cloud will remain important elements of the overall cloud market. Their success will be the ability to integrate with and support public cloud environments.
The future of cloud is big – but like all infrastructure and platforms, they are not a goal in themselves. It is what cloud is and will further enable businesses and customers which is exciting. As the rates of digitisation and digital intensity increase, the opportunities for the cloud infrastructure and platform providers will blossom. Sometimes they will be the driver of the growth, and other times they will just be supporting actors. But either way, in 2026 – 20 years after the birth of AWS – the growth in cloud services will be bigger than ever.
As organisations demand more industry-ready and localised services, global technology companies feel an active need to re-evaluate their capabilities and bridge gaps through partnerships and acquisitions. Ecosystm has been helping global technology companies evolve their partner strategies to remain relevant to the Asia Pacific market.
Our analysis of the tech acquisition landscape in Asia Pacific over the last three years shows that:
- While global tech providers are expanding their presence in Australia and Singapore, emerging markets in Southeast Asia are receiving a fair share of attention. 17% of tech acquisitions by global tech companies between 2020-22 have been in these markets.
- A quarter of the acquisitions were for product and platform capabilities. The rest were all done to bolster services portfolios – such as managed technology, business process, implementation & integration and consulting services.
- A large percentage of the acquisitions are to bolster industry capabilities through transformative technologies such as AI/ML, cloud and cybersecurity.
Here is the analysis of more than 100 acquisitions made by large global tech companies in Asia Pacific between 2020-2022.
Download ‘Asia Pacific Tech Acquisition Trends’ as a PDF
Organisations will continue their quest to become digital and data-first in 2023. Business process automation will be a priority for the majority; but many will look at their data strategically to derive better business value.
As per Ecosystm’s Digital Digital Enterprise Study 2022, organisations will focus equally on Automation and Strategic AI in 2023.
Here are the top 5 trends for the Intelligent Enterprise in 2023 according to Ecosystm analysts, Alan Hesketh, Peter Carr, Sash Mukherjee and Tim Sheedy.
- Cloud Will Be Replaced by AI as the Right Transformation Goal
- Adoption of Data Platform Architecture Will See an Uptick
- Tech Teams Will Finally Focus on Internal Efficiency
- Data Retention/Deletion and Records Management Will Be Top Priority
- AI Will Replace Entire Human Jobs
Read on for more details.
Download Ecosystm Predicts: The Top 5 Trends for the Intelligent Enterprise in 2023 as a PDF
November has seen uncertainties in the technology market with news of layoffs and hiring freezes from big names in the industry – Meta, Amazon, Salesforce, and Apple to name a few. These have impacted thousands of people globally, leaving tech talent with one common question, ‘What next?’
While the current situation and economic trends may seem grim, it is not all bad news for tech workers. It is true that people strategies in the sector may be impacted, but there are still plenty of opportunities for tech experts in the industry.
Here is what Ecosystm Analysts say about what’s next for technology workers.
Today, we are seeing two quite conflicting signals in the market: Tech vendors are laying off staff; and IT teams in businesses are struggling to hire the people they need.
At Ecosystm, we still expect a healthy growth in tech spend in 2023 and 2024 regardless of economic conditions. Businesses will be increasing their spend on security and data governance to limit their exposure to cyber-attacks; they will spend on automation to help teams grow productivity with current or lower headcount; they will continue their cloud investments to simplify their technology architectures, increase resilience, and to drive business agility. Security, cloud, data management and analytics, automation, and digital developers will all continue to see employment opportunities.
If this is the case, then why are tech vendors laying off headcount?
The slowdown in the American economy is a big reason. Tech providers that are laying of staff are heavily exposed to the American market.
- Salesforce – 68% Americas
- Facebook – 44% North America
- Genesys – around 60% in North America
Much of the messaging that these providers are giving is it is not that business is performing poorly – it is that growth is slowing down from the fast pace that many were witnessing when digital strategies accelerated.
Some of these tech providers might also be using the opportunity to “trim the fat” from their business – using the opportunity to get rid of the 2-3% of staff or teams that are underperforming. Interestingly, many of the people that are being laid off are from in or around the sales organisation. In some cases, tech providers are trimming products or services from their business and associated product, marketing, and technical staff are also being laid off.
While the majority of the impact is being felt in North America, there are certainly some people being laid off in Asia Pacific too. Particularly in companies where the development is done in Asia (India, China, ASEAN, etc.), there will be some impact when products or services are discontinued.
While it is not all bad news for tech talent, there is undoubtedly some nervousness. So this is what you should think about:
Change your immediate priorities. Ecosystm research found that 40% of digital/IT talent were looking to change employers in 2023. Nearly 60% of them were also thinking of changes in terms of where they live and their career.
This may not be the right time to voluntarily change your job. Job profiles and industry requirements should guide your decision – by February 2023, a clearer image of the job market will emerge. Till then, upskill and get those certifications to stay relevant!
Be prepared for contract roles. With a huge pool of highly skilled technologists on the hunt for new opportunities, smaller technology providers and start-ups have a cause to celebrate. They have faced the challenge of getting the right talent largely because of their inability to match the remunerations offered by large tech firms.
These companies may still not be able to match the benefits offered by the large tech firms – but they provide opportunities to expand your portfolio, industry expertise, and experience in emerging technologies. This will see a change in job profiles. It is expected that more contractual roles will open up for the technology industry. You will have more opportunities to explore the option of working on short-term assignments and consulting projects – sometimes on multiple projects and with multiple clients at the same time.
Think about switching sides. The fact remains that digital and technology upgrades continue to be organisational priorities, across all industries. As organisations continue on their digital journeys, they have an immense potential to address their skills gap now with the availability of highly skilled talent. In a recently conducted Ecosystm roundtable, CIOs reported that new graduates have been demanding salaries as high as USD 200,000 per annum! Even banks and consultancies – typically the top paying businesses – have been finding it hard to afford these skills! These industries may well benefit from the layoffs.
If you look at technology job listings, we see no signs of the demand abating!
Organisations are aware that they must reinvent themselves continually to remain relevant to their customers, engage their employees and be profitable – and yet they find it challenging to live with the present pace of change.
Achieving a new equilibrium requires organisations to have the right skills; execute effectively every day; drive the best priorities for change; and refresh and renew their capabilities. Organisations will require adaptable people, processes, technologies and data to position themselves to harness the future.
Here are 5 insights that will help you shape your change strategy.
- Productivity persists as a priority. Recruit, train and retain essential skills and look for partners who are leaders in their sphere to provide the other, less differentiating capabilities.
- Digital debt is not only technical. Continuous reinvention requires the identification of an organisation’s digital debt, and evolution of the processes, technology and data to reduce legacy constraints. This will support the reuse and refactoring of existing capabilities in new ways and the introduction of new capabilities.
- Both operations and the customer matter. Investment in both the customer experience and operational efficiency needs to be balanced keeping in mind organisations’ limited available resources.
- Technology must be adaptive. Establishing isolation zones between components to minimise the impact of changing components is becoming key to the rapid delivery of value.
- Tomorrow’s excellence will be driven by iterative reinvention. Iterative innovation will become easier with the adoption of intelligent automation and adaptive AI/ machine learning. However, not only will this require a debt-free technical environment, it will also need an adaptive and scalable infrastructure.
More insights are below.
Click here to download – The Future of Business: 5 Ways to Shape Your Change Strategy
Organisations have had to transform and innovate to survive over the last two years. However, now when they look at their competitors, they see that everyone has innovated at about the same pace. The 7-year innovation cycle is history in today’s world – organisations need the right strategy and technologies to bring the time to market for innovations down to 1-2 years.
As they continue to innovate to stay ahead of the competition, here are 5 things organisations in India should keep in mind:
- The drivers of innovation will shift rapidly and industry trends need to be monitored continually to adapt to these shifts.
- Their biggest challenge in deploying Data & AI solutions will be identification of the right data for the right purpose – this will require a robust data architecture.
- While customer experience gives them immediate and tangible benefits, employee experience is almost equally – if not more – important.
- Cloud investments have helped build distributed enterprises – but streamlining investments needs a lot of focus now.
- There is a misalignment between organisations’ overall awareness of growing cyber threats and risks and their responses to them. A new cyber approach is urgently needed.
More insights into the India tech market are below.
Click here to download The Future of the Digital Enterprise – Southeast Asia as a PDF
Southeast Asia has evolved into an innovation hub with Singapore at the centre. The entrepreneurial and startup ecosystem has grown significantly across the region – for example, Indonesia now has the 5th largest number of startups in the world.
Organisations in the region are demonstrating a strong desire for tech-led innovation, innovation in experience delivery, and in evolving their business models to bring innovative products and services to market.
Here are 5 insights on the patterns of technology adoption in Southeast Asia, based on the findings of the Ecosystm Digital Enterprise Study, 2022.
- Data and AI investments are closely linked to business outcomes. There is a clear alignment between technology and business.
- Technology teams want better control of their infrastructure. Technology modernisation also focuses on data centre consolidation and cloud strategy
- Organisations are opting for a hybrid multicloud approach. They are not necessarily doing away with a ‘cloud first’ approach – but they have become more agnostic to where data is hosted.
- Cybersecurity underpins tech investments. Many organisations in the region do not have the maturity to handle the evolving threat landscape – and they are aware of it.
- Sustainability is an emerging focus area. While more effort needs to go in to formalise these initiatives, organisations are responding to market drivers.
More insights into the Southeast Asia tech market below.
Click here to download The Future of the Digital Enterprise – Southeast Asia as a PDF
