Regulators are the key to manage APAC banks rising cyber risks: S&P Global
The analyst said data breaches could prove crippling for individual banks.
Asia Pacific’s ever-more open and interconnected banking systems are raising the threat of hacks and data breaches and that’s why APAC regulators will need a dogged determination to understand and manage risks., a report by S&P Global said.
According to S&P Global, with financial institutions increasingly on the cloud, sharing client data with a fintech firm, or relying on third-party service providers, the addition of each new partner into a digital system gives hackers a new point of entry.
An example of these is the ransomware attacks on Indonesia’s central bank in January 2022 and the data breach at the Reserve Bank of New Zealand where hackers gained access to information worth $3.5m.
Aside from the dangers of increased digital connectivity, S&P said that because of increased reliance on digital services by consumers so does the scope of cyberattacks rises. These can create direct monetary losses and data breaches that can damage the reputation of a bank and can hit a bank's credit profile.
A delicate chain
“The interconnectedness of global financial services and infrastructure mandates a robust digital framework. This accounts for the critical role that banks play in payment systems,” S&P said.
This means that APAC banks must rely on partners for their cloud computing and open banking platforms, bringing with it a fresh set of risks.
In a report by Gartner, 80% of the cloud services market is held by five firms: Amazon Web Services (AWS), Google Cloud Platform, IBM Cloud, Oracle Cloud, and Microsoft Azure. These five entities have access to key banking data and support core banking services.
This means that when a data breach or glitch happens, many banks in the region could potentially have their services disrupted.
“Similarly, Asia-Pacific banks' adoption of open banking is an opportunity for hackers. Open banking involves the sharing of sensitive customer data among a wide range of fintech companies and third-party service providers. This allows clients to move seamlessly from one service provider to another. But as more parties handle data, hackers have more ways to infiltrate and steal information,” S&P said.
To prevent attacks, S&P said that Asia-Pacific regulators will need “a dogged determination to understand and manage risks”.
“This points to the need for collaboration, and cross-border information sharing to build cyber resilience across entities to prevent systemic risk. Regulators are key to setting standards for banks, and guiding them toward collaboration. Such bodies are focusing on industry partnerships, pilot projects, sharing of best practices, and the like. This underscores how critical cybersecurity is to the smooth functioning of an economy and key services,”S&P said.