Banking has gone more electronic, it has become more vulnerable. Robbing a bank used to require a gun and a gateway car. Now hackers can attack banks within a click of a mouse. The sudden rise of notorious hacking groups possesses serious questions whether depositors’ money is safe in the bank.
Banks are increasingly automating most of their processes with the aim of becoming more efficient and reduce operational costs. As banks drive strategies to make it more convenient for customers to access bank services, it has exposed most of them to significant cyber-attacks. So one wonders whether banks should commit more resources investing in strong rooms or technology that is responsive when cyber-attack incidents are noticed.
The threat against banks has however evolved. Although the physical infrastructure of the banks is largely secure as a result of strong rooms and protected by armed guards, the software that runs it is not secure at all. The bank’s most critical resource is the bankers’ realm that houses all clients’ data. Any IT failure at a bank can result into financial instability and undermine trust in payment methods such as debit cards.
Bank executives and regulators are now more concerned by the threat posed to financial stability by networks of hackers that have launched a series of attacks on banks in the recent years. At the moment, banks have little incentive to share information on attacks and vulnerabilities with regulators or competitors. Most of the bank fraud incidents are kept within the boundaries of the bank. Supervisors also appear to be unwilling to talk publicly about their concerns or about investigations into lapses by banks.
The critical question here is “should the government just force banks to invest more of their own money in cyber-security, or should the Central Bank devote its own resources to protecting banks from attacks by hackers and their surrogates?