This is a summary of a presentation made by industry experts from Deloitte, Cadence Bank, and Own to representatives from the world’s leading financial services (FinServ) companies. The presenters discussed key trends, risks, and solutions in digital transformation, data protection, and cyber security.
Attendees heard first from Tushar Daru, Lead Technology & Innovation Partner at Deloitte. He shared the results of Deloitte’s extensive survey of 500+ executives, including CEOs and CISOs, on the state of cyber security and digital transformation.
Not surprisingly, they found that COVID-19 had ramped up the pace of digital transformation. That’s a timely shift because according to Salesforce research, 70% of customers now have higher expectations of their digital experience, having become accustomed to digital ease-of-use during the pandemic. Having embraced this online experience, they also have elevated expectations about the digital capabilities and security around their information.
But Deloitte also uncovered an eye-opening shift in how organizational strategies are shaped. Previously, digital transformation was simply part of an organization's overall strategy, but today, senior executives think about their organizational strategy based on digital possibilities.
“That’s a significant mindset shift in terms of how digital is no longer just part of a technology agenda. It’s actually much higher in the organizational agenda.” - Tushar Daru
When asked which priorities executives named in the survey, Tushar said they included a faster pace of innovation, increased resiliency, and keeping up with regulatory requirements, all of which can be solved in part by the cloud and digital transformation.
He says their thinking has shifted from “How can the cloud reduce our infrastructure dollars spent” to “What business cases and resiliency can the cloud enable?” Banks are thinking about this in terms of their customer journey, user experience, marketplace changes, regulatory expectations, and visibility in their front, middle, and back-office functions.
The survey also revealed executives’ concerns about deep gaps in cyber security. An astounding 98% of them believe their organizations need to do more on that front. This transformation backlog is due in part to the talent gap in the cyber security market. There simply isn’t enough talent to move agendas forward at enough organizations.
The solution, according to Tushar? The right tools and the right partners can help bring organizations up to speed.
Additional trends to consider
As Jonathan Hay, SVP and CISO at Cadence Bank, pointed out, neobanks have ballooned in recent years and are getting a lot of customers’ attention. To their credit, they prioritize experience design and can innovate quickly with iterative design processes that aren’t weighed down by regulations and bureaucracy.
“We [traditional banks] need to think about experience solution delivery instead of just product and service delivery. That’s where we’ll derive a competitive edge.” - Jonathan Hay
As he reminded attendees, digital transformation is not simply purchasing a piece of technology to improve a process. Transformative initiatives look at why we do things the way we do, then take bold steps to tear down products and service offerings and look at them through different lenses.
He also pointed out that the labor market is a massive challenge. Not only are minorities underrepresented in cyber security, but Gen Z devalues careers in cyber security. (Only 32% of them have a favorable view of it, as opposed to 65% of boomers surveyed.) Given the lack of cyber security courses available at institutions of higher learning, industry may have to step in to help solve the core issue through educational partnerships.
Intriguing results from Forrester
Own added its perspective to the conversation with the results of the State of SaaS Data Protection Report it commissioned from Forrester. Interviews of 1,350 SaaS CRM users were divided into two groups: one that was aware of its cloud-based data backup responsibilities, and one that was not.
Shockingly, 40% of all respondents still incorrectly believe that cloud vendors are responsible for data protection for everything in the cloud. The reality is that cloud customers are responsible for their own data-protection strategies and backups.
Perhaps not surprisingly then, more than three-quarters of the respondents had suffered data loss or corruption in their SaaS CRM in the three months before they were surveyed. The right strategies (and partners) can protect banks and other institutions from data loss that might have downstream impacts.
Cyber attacks accounted for nearly half the cases experienced by the respondents in the survey, winning out over human error and rogue add-on applications. In fact, financial firms are 300x more likely than other institutions to experience a cyber attack or malicious-intent data loss. Between February and April of 2020, cyber attacks against banks rose by 238% (source: VMware).
Sadly, of the respondents who had a data event in their CRM, 89% of them couldn’t fully recover their lost data. These statistics are shockingly high given the availability of data backup tools.
Which challenges have FinServ's attention?
The speakers then turned to four topics that have caught the industry’s collective eye:
1. Advances in FinTech: Banking institutions are trying to keep up with their FinTech peers (SafeCoin, etc.). FinTech has received massive investments from VCs. It’s likely that they’ll rapidly crop up as competitors if banks don’t partner with them and integrate their products into banking business models. FinTech has the potential to become a real threat.
2. Cyber security: This will, no doubt, remain an issue until executives understand how to balance cost versus risk, and give CISOs and risk officers the capabilities (and budget) to manage data protection effectively. The threat landscape isn’t changing. In fact, it’s only becoming more sophisticated through advances in machine learning.
3. Approach: The shift from a project-centric mindset to a product-centric mindset is critical, whether you’re running a cloud security program, a cyber security program, or a data protection program. This type of change could even help firms address talent shortages. They’d stop losing talent to a highly agile, “fail-fast environment” that uses a product-centric model.
4. Data monetization: Data protection is expensive. Most organizations are still figuring out how to protect their data, and haven’t gotten to the next step of figuring out how to monetize it. Once that protection is in place though, CDOs and CROs will be asked to create initiatives that help banks understand their customers and drive revenue growth.
Case study: Cadence Bank
Salesforce is a complex platform. If you don’t have experience protecting that data environment, get an experienced partner to perform an overall risk assessment. That’s what Cadence Bank did. It partnered with RevCult (now Own) to prioritize its risk and remediation efforts quickly.
Cadence now uses the same type of assessment each time it brings new business processes onto the Salesforce platform. Own gave Cadence best practices for operational support and for some of the controls it uses in its development and release process. The bank now looks at development work and classifies the data types that will be a part of its security policies, so it can protect them. It also has a great reporting mechanism to support auditors and regulators who don’t have a ton of experience with Salesforce.
Cadence now cites Own as a critical part of how it meets its strict recovery point objectives in the event of data loss or corruption. Like most banks, Cadence has rigid governance and risk management practices around backups for all applications, so Own established processes to test those software applications quarterly.
“It’s an excellent product to help accelerate our risk management efforts. The investment in these tools saved us money, particularly over the alternative option, which was manually assessing risk ourselves. It was an overall benefit to use these two platforms.” - Jonathan Hay
With Own’s acquisition of RevCult, organizations now have the ability to see where on the Salesforce platform there might be user and permission gaps or the potential for data loss or corruption. They can also classify sensitive data, and support compliance departments in their work to remediate gaps and report back to regulators.
“We’re covered in both a proactive and reactive way in terms of known gaps and recovery capabilities,” says Jonathan.
According to these experts, organizations should work on leveraging what already exists in the market rather than building from scratch. Tech is changing so quickly that implementing custom solutions built by someone else is smart if you need to jumpstart your journey.
When it comes to implementing a comprehensive data protection and cyber security plan, make sure you have the right level of support from management. Get there by helping them understand that data capabilities and security are fast becoming differentiators.
All in all, seek out the right partners by reaching out to your community. It’s the only way you’ll get your arms around something as large as data protection and cyber security.