While digitalisation in financial institutions has greatly benefited consumers, the rise of digital banking, the growing adoption of remote work, and the increasing use of multiple devices and apps by customers and other third parties, are pushing the boundaries of the financial sector’s cyber capabilities, said Kenanga Research (Kenanga) in a recent report.
These areas are also exposing new security areas which need specific measures at each level. Statistics by the Royal Malaysia Police’s Commercial Crime Investigation Department showed that Malaysians lost over RM850 million in more than 25,000 online fraud cases in 2022.
In March 2023, the Malaysian Anti-Corruption Commission (MACC) said that it was investigating an investment scam syndicate, including looking into the role of five major banks implicated in the case.
“There were no details on the banks implicated. The syndicate has reportedly earned about AUD60 million (RM200 million) by defrauding victims locally since 2019 and up to RM1 billion worldwide through their international operations,” said Kenanga.
On one hand, financial institutions are not solely responsible for financial losses due to online frauds and scams. On the
other hand, they are the “gatekeepers” of wealth entrusted to keep consumers’ monies safe and secure.
The rising prevalence of online frauds, data breaches and the increasing sophistication and complexity of cybercrimes are forcing
financial institutions to stay ahead in cybersecurity and ensure stealth-like protection for consumers without sacrificing
accessibility and convenience.
Looking ahead, financial institutions can expect a more challenging operating environment as innovations such as cloud services and AI become more common thus heightening cybersecurity risks amidst rising customers’ expectations of better security and safety.
Adding to the gravity is the shortage of talent in the field of cybersecurity and the legal challenges involved when dealing with different jurisdictions.
Hence, cross-organisational and cross-border cooperation is essential to address the seamless world of cyberspace. Coordinated surveillance and assessment are crucial not only for effective risk mitigation but also for the successful arrest and prosecution of perpetrators.
One key issue for customers is the return of monies lost in fraudulent transactions. There needs to be better and stronger regulations and laws that compel quicker refunds.
While customers themselves are the best defence in the battle against scammers, it is imperative that banks play a bigger role in keeping customers informed and aware of potential private data breaches and scam tactics.
Due to the limitations of disclosures, it is a challenge to establish a benchmark between the listed financial institutions. The
current industry practice includes reporting on data privacy and cybersecurity efforts within the “Sustainability Statements” in
their respective annual reports, although consistency between them could be further enhanced.
It is still appreciated that information provided offers a sense of effort taken by the respective banks, such as:
1/ Materiality matrix and risk management frameworks
2/ Referenced legislations and guidelines
3/ Staff education and training on cybersecurity and awareness
However, to enable a more comprehensive perception to be established, we propose for disclosures to include more
transparency and with more numerical emphasis; albeit we gather that these information could be sensitive towards the
reputational risks to the banks. These items could include:
1/ Frequency of cyber risk incidences and timeliness of resolution
2/ Financial losses incurred from incidences
3/ Total investment into security system upgrades and maintenances
“We believe such information could enable investors to better exercise their own objective views as to how the banks manage
cyber risks in day-to-day operations,” said Kenanga.
While this may also lead to varying perceptions owing to a higher/lower gravity in comparing, this could also provide opportunities for the banks to educate its investors and highlight on its specific strengths to build equity.
