The growing importance of cyber risk management for banks

The health crisis, the spread of teleworking and the growing use of online financial services have all increased the cyber threat, which has been hanging over banks for several years now. Managing cyber risk is a major challenge for banks.

Covid-19 pandemic increases cyber risk

Although banks have been very vigilant in the face of cyber risk for several years, the threat has become even greater since the start of the pandemic.

It's not just financial institutions that are targeted, as illustrated by the recent cyberattack on the U.S. Colonial Oil Pipeline, which supplies half the East Coast. On May 8, hackers hacked into the pipeline's computer system, bringing it to a standstill and spreading panic from the south to the east of the country.

On May 16, Axa subsidiary Asia Assistance fell victim to a ransomware attack. The company's IT operations were affected in Hong Kong, Malaysia, Thailand and the Philippines.

Although the banking sector has not recently been hit by such cyberattacks, it is no less at risk. Since the start of the Covid-19 pandemic, the risk has increased as teleworking has become more widespread, and digital financial services have expanded.

In practical terms, this means more opportunities for hackers, especially as the IT systems used by bank employees working from home often do not benefit from the same level of security as in the office.

Cyber risk management, a key challenge

Cyber risk is now on everyone's mind, and its management is becoming increasingly important. The threat is regularly discussed at board meetings and executive committee meetings.

Rating agencies are also taking a close interest, and could pass on a high cyber risk to a bank's credit rating. Although categorized as a non-financial risk, cyber risk has real financial consequences. It requires investment to protect against it, and data hacking can mobilize considerable sums, not to mention the possible flight of customers likely to lose confidence.

What's more, the size of a facility doesn't really quantify the risk. In other words, just because a facility is large and has a substantial budget, it is not immune. Its IT system is also more complex and extensive, with an international presence, which multiplies the risk of cyber-attacks.

Banking institutions can no longer evade this threat, and must exercise the utmost caution, which meansinvesting significant sums in securing their IT systems. By way of example, the Société Générale Group has allocated a budget of €650 million for the period 2021-2023 for this purpose.