Banks and financial services organisations face a range of challenges from their competitors, changing consumer behaviours, COVID-19’s ongoing disruption, and the increasing frequency or sophistication of cyber attacks.
These challenges have deepened their reliance on technology and the adoption of data-driven applications, with governments and their institutions rightly responding by refining regulatory frameworks and increasing the data protection, privacy, and security requirements of organisations.
The maturation of regulatory frameworks has seen a strong focus on digital operational risks and the impact on data privacy from cyber breaches, from a consumer rights and technology implementation perspective.
The Personal Data Protection Acts in Singapore and the Monetary Authority of Singapore (MAS)’s Technology Risk Management guidelines (TRM) – through their individual requirements and collective coverage– have clearly assigned fiduciary accountability for data governance, privacy, and protection, to financial institutions’ executives and boards.
The cost of data breaches and downtime
The proliferation of cyberattacks during the pandemic is a familiar storyline for businesses and governments, with attacks on the finance sector increasing 238% globally during the onset of the pandemic according to VMware Carbon Black.
See also: Testing QA New Section BDC Feature Winner 1
Worse, IT downtime now reportedly costs US$300,000 per hour for 91% of organisations, according to ITIC research. The Ponemon Institute also found the average cost of lost business due to a data breach now tops US$1.59 million or 38% of the total cost of a breach.
Customers seek reliability, efficiency and new offerings, before cyber attacks even come into play. This means financial organisations face a double-headed monster in managing cyber attacks and the cost of technological compromise or disruption they cause.
To help address the challenge of data governance and protection beyond revising regulatory frameworks, MAS regularly issues advisory notices and reports to improve cyber hygiene, technology and data risk management. One such example is MAS’s recent report on managing the risks of remote working in the financial sector.
See also: Unpublished article shouldnt be accessible testing
This proactivity not only supports the sector with best practices but also demonstrates the high expectations of financial institutions to better manage their data risks from Singapore’s government bodies. These expectations require prioritisation alongside beating out the competition, engaging customers, and accelerating digital transformation.
Unstructured and dark data increases risk
Financial institutions with disparate, unstructured, and siloed data as well as rely on complex legacy data management technology have an increased vulnerability to cyberattacks such as ransomware.
This makes data flip from being a competitive asset to liability, which is why data compliance, a core element of modern risk management, and data management are converging. When data is scattered across a data centre, networks, remote offices, and multiple clouds, with no central visibility or control, it causes mass data fragmentation.
Fragmented data often results in ‘dark data’, whereby organisations do not know what data they have, the types of data they have, where it is located, whether it is secure or compliant, and if it is backed up and recoverable.
Dark data is a critical concern for data management and compliance objectives. If a data footprint is unknown, it cannot be secured, which is a major issue for any organisation, let alone one tasked with managing the finances of other companies or consumers.
Knowing where data is by governing it appropriately and how that data is used to support operations is fundamental to meeting compliance and risk expectations.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
Our research has found IT teams spend an average of 40% of their time each week installing, maintaining and managing data infrastructure, and almost a quarter of IT teams spend between 50% to 75% of their time on these tasks.
Eliminating the fragmented nature and complexity of legacy data management – which usually involves managing multiple point solutions from multiple parties – is crucial to reducing attack surfaces and managing risk. It also enables scarce human technology resources to focus on improving customer outcomes and innovation.
The good news is that financial institutions can address these complexity issues by employing next-gen data management technology, which offers a single scalable solution that slashes complexity and costs.
Adopt and prioritise a strategy based on maximising cyber resilience
Managing operational risk without addressing data management simply is not possible in this digital age, with strategic policies and regularly revised regulations laying the foundation for financial organisations to maintain business continuity and customer trust, by clearly defining data management expectations and outlining baseline requirements.
However, Singapore’s government bodies do help financial organisations to improve technology risk management, digital infrastructure integrity, security posture, and data recovery capabilities, through various initiatives such as MAS-ABS’s Return to Onsite Operations Taskforce (ROOT) that educates industry members on best practices and coordinates responses to crises.
Data security is a known boardroom priority. However, data management is now also shifting from an IT concern to a boardroom priority, as ransomware and data breaches continue to plague organisations.
To better protect data in this era of cyber threats and technology adoption, cyber resilience must be both adopted and prioritised. Cyber resilience is a concept whereby an organisation is able to continuously deliver its intended outcomes despite adverse cyber events.
If cyber resilience becomes the objective, the focus shifts to conducting business securely, which helps change the way data governance and protection problems are addressed, and that a security posture needs to solve.
Next-gen data management platforms can help organisations to preserve business continuity (and their reputation) through effective data management and protection. Such platforms are built upon zero-trust security principles, powered by AI insights, and offer third-party extensibility to integrate within an existing ecosystem.
No matter the industry, the winners of tomorrow will be the organisations that can better leverage and gain insights from their data, prioritise data governance, and protect their data from ransomware. Cyber resilience, which is built upon effective and next-gen data management technology, is vital to not only maintaining business continuity, but maintaining current customer offerings, minimising risk, and meeting regulatory expectations.
Data is an organisation’s most valuable asset, even for a financial services firm. However, it is also the most vulnerable asset.
Financial institutions can start meeting their data protection objectives, customer demands and regulator expectations today by adopting a data management approach focused on maintaining and improving cyber resilience. After all, in 2022, can you really afford not to?
Sheena Chin is the head of ASEAN at Cohesity
Photo: Unsplash
