Nigeria -- Banks lose to cyber-crime globally, says CIBN

Banks’ loss to cyber-crime globally has risen to $700 billion yearly, President/Chairman of Council, Chartered Institute of Bankers of Nigeria (CIBN), Uche Olowu, has said.
Speaking during the roundtable on information security meeting in Lagos, he said despite the benefits provided by financial technology (Fintech), there are equally heightened risks of cyber threats and fraudulent activities with Nigerian banks alone losing N198 billion to the threat annually.
He said criminal activities such as credit card fraud, phishing, Automated Teller Machine (ATM) fraud and identity theft have increasingly become threat to banking operations.
“Statistics put the cost of cyber-crime globally at $700 billion annually, a figure projected to rise to about $2 trillion by 2019, due to the rapid digitisation of consumer lives and company records. In the case of Nigeria, about N198 billion is said to be lost to the ever-increasing cases of cyber-crimes per annum usually perpetrated through the financial system,” he said.
Olowu explained that while a variety of organisations are exposed to cybercrime, the financial sector is particularly vulnerable given its crucial role of financial intermediation in a highly connected global financial system.
He said: “Nigerian banking or financial services sector company should no longer ask if they are going to be hacked and instead when Cybersecurity is no longer just about protecting a business’ information. It is critical to maintaining trust with the public and customers, building company reputation, as well as safeguarding data, and critical infrastructure. This can all influence higher-level issues like maintaining competitiveness in the market, stock price, and shareholder value.
“For financial sector institutions, cybersecurity has become an issue from the top down. Board of Directors, Chief Executive Officers and Senior Executive must ensure that they are making the right decisions about cybersecurity for their institution. Shareholders and company Board of Directors are now asking questions about companies’ approach to cybersecurity and readiness to face an attack and CEOs must make it clear that security is not just an IT problem – it is a priority for the business. CEOs need to be able to answer tough questions and prove that they are working with the senior leadership team to develop a cybersecurity strategy and that they understand the cybersecurity landscape and how it can affect key business function in the company.”
He said it is incumbent upon CEOs to learn more about cybersecurity to ensure that their company is taking appropriate actions to secure their most valuable information assets. “This does not mean that every CEO needs to become a cybersecurity expert. Rather, CEOs should increase their knowledge of core cybersecurity concepts and leverage their own leadership skills to conceptualise and manage risk in strategic terms, understanding the business impact of risk. Most executives want to manage cybersecurity risks in the same thoughtful and intelligent way as they manage other aspects of their business,” he said.
Speaking on data security, he said banks are privy to an immense amount of data, which if put in the wrong hands could be harnessed for illicit activities. The most popular example being Facebook data and the data harnessed by Cambridge Analytica through the Application Programmable Interface (API) and the interference in the 2016 American Elections.
“As a solution, I implore intermediaries such as Payment Solutions Service Providers (PSSP) to efficiently act on data breaches. Furthermore, I believe that Data Privacy challenges could be effectively tackled with adequate legislation, which would enforce best practices in data protection. Also, a constant review of compliance with global standards such International Standard Organisations (ISO) and Payment Card Industry Data Security Standards (PCI-DSS) are ensured by the players in the financial service industry,” he said.
He said identity theft is on the rise due to the adoption of digitised platforms globally. The ease at which personal data could be illegally harvested is now more sophisticated than ever. “As a suggestion, I implore all banks to invest further in user education of customers on possible threats with remedies for mitigating such threats. I, also implore banks to further employ the use of intelligence systems and tools such as Predictive Analytics solutions to determine irregular activities on bank accounts, which have been compromised or inconspicuous fraudulent activities.”