The better the question. The better the answer. The better the world works. У вас есть вопрос? У нас есть ответ. Решая сложные задачи бизнеса, мы улучшаем мир. У вас є запитання? У нас є відповідь. Вирішуючи складні завдання бізнесу, ми змінюємо світ на краще. Meilleure la question, meilleure la réponse. Pour un monde meilleur. 問題越好。答案越好。商業世界越美好。 问题越好。答案越好。商业世界越美好。

Banks are building resilient cyber programs, but they need to prove it

(As originally published on LinkedIn, 7 January 2019)

Cybersecurity is getting harder to ignore. Regulators are calling for more effective programs, customers are demanding greater transparency of how their data is being used and recent attacks have proven that every business could be a target. Businesses are starting to understand the urgent need for an integrated and effective cybersecurity program.

This is especially true of financial services companies. The EY/IFF Global bank risk management survey shows that cybersecurity continues to accelerate to the top of board and Chief Risk Officer agendas. At the same time, the EY Global Information Security Survey shows that half of financial services respondents have increased their cybersecurity budgets in the past year in response to cyber risks. Although, more than three-quarters say their cyber budgets still account for less than 10% of overall IT spend.

Clearly there's a gap. Businesses need to realize the benefits of cybersecurity beyond risk management and data compliance. Sure, investing in the right resources can help prevent attacks, but it can also help regain customer trust that’s so vital to the success of a business.

A cybersecurity strategy that is done and communicated successfully can be the enabler of a great customer experience. So as Canadian banks start to put more dollars toward cyber resources, they need to think about how to build out their cybersecurity agenda within all facets of the organization – and how they’re going to communicate openly and effectively to consumers how they’re being protected throughout the relationship journey.

Here are three innovative data strategy solutions that banks can embed into products and services to build greater trust along the customer journey.

Real-time consent

It’s critical to be transparent at every step of the consent process, educating customers while allowing them to control just how much of their personal data may be shared and used. Banks should consider employing “just-in-time” notices – essentially an explanation button that provides a short rationale for why certain pieces of information are requested, whether it’s the customer’s age or date of birth – as well as interactive tools to explain privacy settings, and customized mobile interfaces.

User-Managed Access

User-Managed Access is considered an industry standard for personal data management. The technology is designed to control authorization of data sharing, including access to other protected information and resources.

Using a personal data vault is especially helpful for banking customers, as it provides greater control over how their data is used and shared, allowing them to assert a version of their own terms and conditions. This once again helps to bolster customer confidence in their privacy settings – they know who is accessing their data, in what capacity, and, in some cases, they can even remove their data from the service when not in use.

Privacy by design

Putting privacy at the heart of design is another key way to foster greater trust between banks and customers. By default, privacy settings should be set at the highest level possible to ensure the integrity of sensitive client information. For newly designed banking services or products, this might include creating access logs users can review, giving them more access control so they can verify or change data as needed, and providing them with ample choice when it comes to enabling or disabling what records are being accessed, and by whom.

As banks make greater investments into cybersecurity resources and programs, they need to communicate their solutions more effectively to customers if they want to reap the full value. Incorporating solutions like real-time consent and user-managed access into a cybersecurity strategy help to increase the conversation between banks and customers, and are key to enabling greater transparency and trust between the two parties.

By focusing efforts on delivering a transparent and customer-centric data privacy and cyber strategy, financial services companies can gain a competitive advantage in the marketplace, and be poised to reap the benefits of big data for the long haul.


Thomas Davies

Thomas Davies

Associate Partner


+1 416 943 2013