The growing digitisation of transactions has greatly enhanced the ease by which consumers can access financial services today. However, the increased reliance on mobile digital networks and connections via the internet or “cloud” have exposed banks’ complex IT systems to more frequent cyber attacks and cyber crime, which include online and/or mobile fraud, such as fraudulent payments and transfers as well as identity and data theft.

These attacks take the form of malware (malicious software) and phishing such as “Man in the Middle”,“Man in the Browser”, remote account takeover, and other automated malware-driven threats. These are not only targeted at personal customer accounts but also business and corporate banking accounts.

Malware attacks are indiscriminate, aimed not only at the smaller banks that are deemed more vulnerable. More frequently, they target larger banks, which are perceived as having higher standards of security protection and are consequently more trusted, and hence have larger customer bases with higher average balances. Such is the paradox of the cyber security world. An institution’s better security standing may be the very reason that it is targeted. It is therefore no surprise that security breaches at the world’s largest companies are making headlines these days.

The loss of trust and damage to reputation arising from a successful attack is immeasurably harmful, even though actual financial or monetary loss may be mitigated. Recognising the adverse impact on banks and the financial system as a whole, regulators have put in place requirements to ensure high and robust standards on IT security and risk management.