Cybersecurity: the trust-building core of banking
Marek Belka explains why cyber security in financial institutions must be treated more seriously.
In the process of completing the digital single market, we are considering a variety of opportunities it offers, such as online shopping or the chance to watch our Netﬂix movies from various parts of the EU.
However, for a person with economic issues ‘encoded in his heart’ for his whole life, e-banking plays a particularly important role for me. We often talk about the need to strive for security in the digital single market and it is no different in the banking world. It might be a cliché, but modern banking cannot exist without an extensive, stable and safe IT environment.
This is also what banking services clients demand from European credit institutions. It is worth noting that in Poland – my home country – there are more than 36 million consumer accounts with electronic banking access.
Of these, 17 million are actively used via the internet. Moreover, mobile banking (via a mobile phone or a tablet) is nothing new – there are nine million such customers in Poland – meaning that one in four people in the country accesses his/her bank account via mobile devices.
We must admit that this is a great achievement. But it also places considerable responsibility on the banking sector and EU institutions to act in order to ensure stable, secure and trustworthy banking opportunities in the digital world.
“We need to improve information sharing between and within EU member states”
Why? Because to satisfy the demands of EU citizens, one nowadays has to realise there is no banking without electronic banking. Banks try to oblige by providing an environment for e-banking that is as secure as possible. In Poland, as well as a national cybersecurity centre, there is a banking cybersecurity centre tasked adequately tackling the security risks to banking products and services.
This is essential, because the level of cyber threats is rising rapidly. Eff orts to promote cybersecurity have led to numerous initiatives on global, EU and national levels. The G7 took steps to develop principles for cybersecurity, while the ECB has adopted cyber-resilience oversight expectations for the Euro system in 2018.
However, this is only a ﬁrst step in the ﬁght against cyber fraud. Unfortunately, while national institutions responsible for the banking sector treat cybersecurity as an issue of utmost importance, it does not seem that the European Commission takes it quite so seriously.
Let’s be honest; due to constraints on the EU budget - which is not growing adequately compared with the tasks we want the Commission to focus on - the Commission does not possess sufficient expertise, personnel or competence to appropriately tackle the issue of cybersecurity in ﬁnancial markets.
Furthermore, the Commission seems to be managing this issue as if it was a separate element of ﬁnancial services. DG FISMA is not really in charge of matters linked to cyber security in the banking sector; instead it relies on other, non-ﬁnancial focused parts of the Commission.
Moreover, the European Union Agency for Cybersecurity (ENISA), located in Greece, cannot focus all its eff orts on the banking sector; it has to treat it as just one of many issues it has to deal with. Moreover, much of the work on cybersecurity at EU level is currently based on non-binding guidelines.
“To satisfy the demands of EU citizens, one nowadays has to realise there is no banking without electronic banking”
As long as the EU consists of 28 (or, after the UK’s departure from the EU, 27) sovereign states, and as long as cybersecurity is a matter of national security, it is national authorities that are ultimately in charge of ﬁghting cybercrime. In building a true banking union or the Capital Markets Union, this will be a growing problem.
The steps taken to ﬁght cybercrime in the banking sector have to be taken more on an EU level. First, we need to improve information-sharing between and within EU member states. It is crucial that private institutions and public authorities, as well as law enforcement agencies, exchange more information, which is currently not the case.
Best practice in this ﬁeld in Member States should be taken into account. Second, a better-ﬁnanced and also a better-equipped part of DG FISMA in the Commission needs to lead the ﬁght against cyber threats in the ﬁnancial sector. Even although DG Connect may have more specialised personnel to tackle cyber fraud, it is DG FISMA that has the know-how and understanding on how the banking sector really works.
Last, a better-functioning insurance market for cyber risks would mitigate the costs for the insurance for the banking sector. We have to remember that ﬁnancial stability in the EU is based on a range of factors.
Obviously, our institutions have to be properly capitalised to build resilience against any future turmoil in the economy. They have to be managed and supervised in a prudent manner to make them reliable. They have to guarantee that the money and data entrusted in them will not be stolen or compromised.
All those matters are linked with one supremely important matter – trust; stability of the ﬁnancial sector is not possible without it. Falling levels of trust among market participants, particularly in ﬁnancial services, can have unpredictable and negative effects. One can say that every ﬁnancial crisis starts with a decline in trust.
Therefore, in order to both reinforce and increase trust in the ﬁnancial services markets, the issue of cybersecurity in our ﬁnancial institutions must be treated with the upmost seriousness.
Europe must continue to guarantee the highest hardware resistance levels to cyberattacks, says Stéfane Mouille.
Digital transformation promises to unleash a new era of productivity that will touch all our lives, explains Erik Ekudden.
Europe is more than just one of Huawei's most important markets, writes Abraham Liu.