Fintech Cybersecurity: A Plan for Innovation with Risk Mitigation
October 29, 2021
As the fintech industry rushes ahead to integrate new technologies, it’s leaving the door open for cyber attackers.
The financial technology (fintech) industry is evolving at breakneck speed, driven in large part by its rapid adoption of innovative new technologies like artificial intelligence and blockchain-powered assets. By 2026, the current global fintech market is projected to reach $190B, representing an annual growth rate of 13.7 percent. Within that market, artificial intelligence alone is expected to grow annually by 23.5 percent by 2027.
But as fintech organizations rush toward that future, they may overlook traditional, foundational challenges vital to business operations, like cybersecurity, for instance. In fact, they may view cybersecurity as an impediment to technology-driven growth, choosing innovation over safety.
That’s a very risky stance to take in a world where cyber incidents are rising at an alarming rate.
A Highly Vulnerable Industry
Choosing innovation over safety is curious given the increased awareness in the corporate world about the risks posed by a cyber attack. In the latest version of the FTI Resilience Barometer, 83 percent of G20 business leaders report that cybersecurity has risen up the board’s agenda in the last 12 months.And yet, recent high-profile attacks suggest that the fintech industry would benefit from enhancing cybersecurity readiness and incident response plans as soon as possible.
Fintech organizations face a variety of threats. Take targeted cyber attacks, for example, where ransomware and artificial intelligence are employed to steal credentials. And as with many other industries, the fintech attack surface — made up of access points — has broadened and diversified thanks to an expanded remote workforce. A reliance on mobile devices to conduct normal business operations, internally and externally, is creating potentially endless vulnerabilities for cyber actors to exploit.
While some of the innovations adopted by fintech (such as blockchain technology) are highly touted for their cybersecurity attributes, the technology itself has its own safety issues. Cyber actors can gain entry at the application layer (where the user lives) above the blockchain technology.
Combatting these threats requires a cybersecurity program uniquely tailored to the fintech industry and a fully developed and practiced incident response plan. These are not roadblocks to growth, but guardrails to future viability.
Prioritize Industry-wide Cybersecurity
Speed is a necessity in the competitive landscape of fintech. Being the fastest to deliver personalized service — like making instant lending decisions or adding digital assets, for instance — can help a firm stand out in a crowded field that competes with brick-and-mortar stores, virtual banks and crypto-native companies. But speed shouldn’t come at the expense of safety.
Without a balanced approach that accounts for strategic growth and foundational cybersecurity concepts, fintech organizations could be left scrambling to retroactively apply security measures to existing platforms. This process is difficult to manage, and proper implementation may not even be possible due to settings and configurations that cannot always be altered after the fact. (This is especially true with applications such as smart contracts.)
Ensuring that foundational cybersecurity concepts are prioritized will also help meet compliance with evolving government regulations. Members of the U.S. House Financial Services Committee recently agreed on the need for “stronger protections for consumer financial data used by third-party companies.” This pending regulation, aimed at protecting customers’ financial information, is something a proper cybersecurity readiness program would address.
Overcoming Fintech Cybersecurity Challenges
Failing to prioritize cybersecurity within the fintech vertical poses a real risk that cannot be overlooked. Organizations can build a strong cybersecurity program by following these standard principles:
- Know your assets and manage change effectively. It’s often said that you can’t protect what you don’t know. Determining the most valuable assets to the organization is step one to implementing processes that allow for changes to be made seamlessly and ensuring these assets are never exposed.
- Practice cybersecurity hygiene. Basic security measures remain critically important. This includes regularly changing passwords and consistently performing security updates.
- Implement a defense-in-depth (DiD) approach. A layered security structure ensures that if one protocol or protection fails, other defenses are still operating. Consider leveraging cloud solutions, identity and access management, and multifactor authentication.
- Empower employee awareness and increase communication. Through training and investment in staff, shift the culture toward cybersecurity accountability. By encouraging communication across the organization, you can empower each individual to do their part to stop threats and ensure they know exactly how to respond during an incident.
Innovation does not have to be restricted by proper cybersecurity practices. By keeping these and other standard cybersecurity principles in mind, organizations can develop a balanced approach to technology-driven growth. Integrating safety from the onset will create a stronger, more efficient organization better protected from threats and set up for the future.
© Copyright 2021. The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals.
About The Journal
The FTI Journal publication offers deep and engaging insights to contextualize the issues that matter, and explores topics that will impact the risks your business faces and its reputation.