I believe the digital revolution is a marvelous opportunity for banks to build on their existing, significant trust dividend - something they've worked tirelessly to earn over the years. Let's not forget that banks already rank high on the trust scale: in KPMG's global survey of consumers, Me, my life, my wallet, banking is rated the second most trusted industry, just one point after healthcare.
Having established such a reputation, banks are determined to retain and enhance it. According to KPMG's* Consumer Loss Barometer, a global survey of businesses and consumers, 69 percent of bank cyber executives say their organization has invested heavily in data security - more than other sectors. Many banks already treat cyber security as a key risk that is tracked by risk committees.
And they're right to do so, as breaches and cyber crime are an ever-present threat. Thirty-seven percent of consumer respondents to the Consumer Loss Barometer say they've had their financial information compromised.
Although cyber security is rightly a high priority, it needn't be a primarily defensive one merely to minimize risk. By placing cyber at the heart of the transformation agenda, banks can turn words into actions and deliver a fantastic user experience - to unlock exciting commercial opportunities.
As they strive to see off the challenge of new entrants and fintechs, trust can be a differentiator. This means creating new, agile business models while retaining their reputation as a safe place to put your money. I would argue this is more a question of strategy and culture than pure technology; setting a roadmap to being fast-moving, responsive organizations where authentication and privacy is an integral part of the customer experience. In effect, they would be taking the best of their traditional business models and adding in learnings from the most cutting-edge of the new breed of challenger banks and fintechs.
Indeed, customer experience - rather than cyber security - should be the new strategic priority for Chief Information Security Officers (CISOs). As more and more consumers go digital, a seamless and secure interaction will go hand-in-hand with a great customer experience.
Responses from our Consumer Loss Barometer suggest that we've some way to go, with CISOs' views not fully aligned with those of their customers, who want both full and swift financial compensation as well as clear evidence that the problem has been fixed. Such a disconnect reflects the traditional role of cyber professionals as outside of - and to some extent out of touch with - the main business.
|Customer expectations following a breach||Customer view||CISO view|
|Compensate me for all losses||71%||40%|
|Prove that the problem is fixed||41%||8%|
|Help with resulting credit or identity issues||50%||50%|
|Provide frequent updates on the situation||44%||31%|
|Apologize to me||33%||48%|
|Give me a direct line to security group||24%||45%|
|Inform me before the press for any breaches||26%||37%|
In future, banks will increasingly view cyber security and privacy as an integral part of their business, with both employees and customers highly aware of the need to protect data. Again, this need not be a defensive stance and can enhance trust in their brands.
If cyber security is to truly enable strategy, the Board needs to take ownership of cyber security - something that is relatively immature at present. They must invest in emerging design and technology to become 'secure by design', which should improve both customer experience and operational effectiveness.
Some leading banks have pushed cyber trust to the top of their business agenda - delivering through action and not just words. Leadership truly believe that a secure customer experience can help it gain a competitive edge and investing accordingly.
We shouldn't forget that the reason people put their money in banks in the first place was to keep it safe. New banking models must embrace both the historical trust dividend and the agility and responsiveness of digital. Get the balance right and banks might just find they've got a strong offering that can see off the threat of technology challengers and provide a solid platform for growth.
*Throughout this blog, “we”, “KPMG”, “us” and “our” refer to the network of independent member firms operating under the KPMG name and affiliated with KPMG International or to one or more of these firms or to KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.