Can IFCs Build a Brand Around Cybersecurity?

In 2009, cybercrime took a new turn when North Korea started to use hackers to steal money that had been used to fund its cash-strapped government. The Sony Pictures hacking incident in 2014 and the attempt to steal US$951 million from the Bangladesh Central Bank over the global SWIFT financial network in 2016 have been widely publicised as examples of operations conducted by the Korean People's Army. There is no doubt that cyber-attacks continue clocking US billions every year, with no sign of a slow-down. It is likely that the greatest risk IFCs now face comes from the cyber arena. As a result, research and innovation are crucial for the protection of financial services' energy grids, databases and communication networks.

It is always difficult to assess who is really sitting behind the keyboard undertaking a cyber-attack and what their real intentions are. People committing a cybercrime can be anyone, including insider activists, criminal organisations, corporations, terrorists, the cyber division of a foreign military, or any combination of perpetrators. One of the challenges of cyber security is to rate the severity of the attacks to define when things switch classification, from a criminal attack, to an act of war compromising strategic national assets. This may not initially be clear. Large cyber-attacks are now a matter of sovereign responsibility. Each jurisdiction may have a different judgment based on the frequency, nature of, and intensity of the attacks – from fake news and viruses to Denial of Service Attacks and their intention to inflict economic damage.

Highly secured financial networks and closed clouds handle most of the daily burden in the settlement of financial transactions, and many companies have sprung up to offer the safekeeping of securities and asset servicing. However, it is difficult to secure multiple gateways since the internet was not originally conceived with security protection in mind. This is becoming even more challenging as the finance industry is being remodelled by ever newer financial technologies (FinTech), introducing a wide range of end user innovations. At a time of accelerated change, exploiting vulnerabilities in hardware and software, or taking advantage of inadvertent decisions or mistakes made by the end users is not so difficult. Human error probably accounts for 90 per cent of the successful cybersecurity attacks on large computer systems. For this reason, it is important that cybersecurity awareness features early on in every finance professional's curriculum — an emergency first response IT playbook of sorts.

While compliance requires an assessment of the historical track record of the participants, cyber safety is more about what is going to happen tomorrow. Major risks may not be correlated with a historic pattern and too much emphasis is arguably being put on this approach. Quantum computers and artificial intelligence are capable of identifying abnormal patterns by a significantly higher order of magnitude than existing machines. This technology will be decisive in the branding of IFCs. Of course, access to this technology will not be shared out equally as it will require, not only billions of dollars of investment, but real technical breakthroughs to create a singularity. Those most capable of building on their cyber competitive advantage will be the depositors of financial trust. Better secured IFCs will command a price premium and leadership within the international financial space. Regional financial centres will likely specialise and will operate under the 'cyber umbrella' of the strongest jurisdictions.

Olivier Coispeau
Olivier Coispeau is a Senior Partner that specialises in growth acceleration and corporate finance.