When it comes to digital transformation, Asia Pacific's (ASPAC) financial services sector is setting a brisk pace.
According to the Consumer Loss Barometer, KPMG's* global survey of cyber security, companies in ASPAC are the more likely to have high digital transformation maturity. And two-thirds of respondents from this region say their security functions are highly engaged with the digital change agenda - considerably more than counterparts in other parts of the world. This speed of disruption is driven partly by a younger population, many of who have only ever known a digital world and have exacting expectations of speed and service.
As ASPAC's financial services players seek to better engage with customers via platforms, exciting new markets and revenue streams are opening up. Digitization of the business and operating models not only creates business opportunities, but also improves efficiency and reduces the cost-to-serve. Organizations' security functions are highly engaged with their digital transformation agendas, in ASPAC (67 percent) compared to the Americas (59 percent) and EMA (50 percent). Technologies like robotic process automation, cognitive, AI and blockchain are starting to demonstrate their value in areas such as broking, insurance underwriting and banking credit risk.
Cyber security is set to play a critical role in this transformation across ASPAC. But only if the function acknowledges the need to be forward-looking and see itself as an enabler - rather than a risk-averse group that simply says “no”. Chief Information Security Officers (CISOs) must recognize that today's digital consumers are more informed - and more concerned. Customers recognize the many benefits of digital banking but are also attuned to the downsides of invasion of privacy and will judge harshly any organization that doesn't respect and value their privacy. Cyber teams should therefore be involved early in digital transformation programs, to ensure that security and privacy are built into systems and controls as an essential element of the way financial services companies do business, with seamless cyber security an integral component of the trust and value proposition.
According to the Consumer Loss Barometer report, a far greater proportion (48 percent) of financial services businesses in ASPAC are worried that legacy infrastructure could raise the threat of cyber-attacks and breaches (compared to 31 percent in EMA and 18 percent in Americas). The move to the cloud is a telling moment for governance and control of technology, with the opportunity for a clean break from the increasingly unmanageable past.
By drawing a line in the sand and migrating to cloud-based services, like infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS), enhanced cyber capability and maturity can be accessed from the right suppliers. However, third party providers are too often 'out of sight and out of mind', despite their growing importance (further information here (PDF 2.3 MB). It's therefore important to consider smarter ways to manage vendors through better controls - including mandatory requirements for cyber-related capability through the selection process. Greater use of automation can help improve monitoring of vendors, while cyber focused data analytics can identify major risks and inform continuous improvement in cyber security.
A successful cyber journey also calls for an investment in people. But it seems that the fast development in ASPAC (69 percent) continues to fuel the war for talent. Seven out of ten security executives in the region report difficulties in attracting and retaining talent - significantly more than in the Americas (51 percent), Europe, Middle East and Africa (52 percent). There is a real concern that a lack of the right skills could have a negative impact upon an organization's sustainable cyber security posture, and companies have to continuously find new and innovative ways to access capabilities, including automation, advanced cyber analytics, outsourcing/partnering, retraining and 'gig' economy-type working arrangements that may suit the younger generation.
As the customer experience becomes almost entirely digital, security must be designed into new, digital solutions. The cyber function should be at the center of and drive this debate, to enable an agile organization with strong identity and access management that is seamless for consumers. In grasping this opportunity, CISOs must continue to find a way to balance future needs with a back book of legacy challenge.
*Throughout this blog, “we”, “KPMG”, “us” and “our” refer to the network of independent member firms operating under the KPMG name and affiliated with KPMG International or to one or more of these firms or to KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.