One of the silver linings of the COVID-19 pandemic is the key role that digital financial services have played in helping countries worldwide weather the crisis and explore new opportunities. Many expanded social protection measures and sought innovative ways to deliver financial aid, encouraging digital payments and direct money transfers into the bank accounts or mobile wallets of citizens hit hard by the pandemic. In countries with traditionally cash-based financial systems, the rising prevalence of digital technologies has supported the growing shift from in-person to online transactions for goods and services, opening access to the digital economy for more people.
While the shift to digital has benefited many, it comes at a cost. Low-income people in developing countries — who are already struggling with the health and economic impacts of the pandemic — are increasingly targeted by online fraudsters. Social engineering attacks, data breaches, and system outages inflict real harm; the consequences of losing even small amounts of money can be devastating to the poor. Even more so when the customer is liable for losses and must carry the burden of proof when a cyber incident occurs, which is the case in most of the developing world. Customers affected by successful cyber breaches lose trust in their financial institution and in the system, threatening progress on digital financial inclusion.
For financial service providers (FSPs), increasing the use of digital channels also increases the risk of exposing identity and other sensitive information that could lead to severe economic, reputational, and regulatory costs. However, many providers also recognize that digitalization remains key to long-term competitiveness and sustainability, so a balance must be struck between the need to continuously innovate with the need to focus on security. With these factors in mind, FSPs are increasingly compelled to bolster their institutional capacity for cybersecurity and build cyber resilience. Doing so is essential to protecting their businesses and vulnerable customers from the significant and often irreparable damages that can result from cybercrime, and to ensure longevity.
Introducing the Cyber Resilience Toolkit
To guide financial providers through the process of building cyber resilience, we have collated the learnings from our experience helping our FSP partners around the globe strengthen cybersecurity into a practical toolkit, broken down into five key recommendations:
- Build secure apps and ensure security considerations are incorporated into the digital product design and development process.
- Test regularly for breaches and understand the processes, capabilities, and remedial actions required.
- Create a culture of cybersecurity awareness rooted in strong organizational design to build and sustain a culture of cyber awareness and improve incident handling.
- Build a resilient technology environment with robust infrastructure to proactively protect and sustain the institution and customers before, during, and after a cyber threat.
- Strengthen cybersecurity with partnerships to reduce cyber risk and manage service delivery at minimal cost.
We hope this toolkit is helpful for FSPs seeking to develop or improve their cyber resilience and deepens understanding of cyber risks, how to mitigate those risks, and how to cultivate client trust and confidence in digital financial services.
This toolkit was developed through our partnership with the Mastercard Center for Inclusive Growth and with support from the Mastercard Impact Fund.