The security risks financial services companies face are rapidly increasing. Indeed, new research found that cyberattacks targeting web applications and application programming interfaces of North American financial services companies are up 354% over the past year.
When successful, cyberattacks inflict terrible reputational and financial costs on banks. In its most recent “Cost of a Data Breach Report,” IBM and the Ponemon Institute found that the average cost of a breach in financial services in 2022 was $5.97 million, up from $5.72 million in 2021.
Perhaps not surprisingly, banks and other companies are increasingly prioritizing technology investments that enhance security. For example, a Gartner survey of over 2,200 chief information officers around the world found that cyber and information security is the top priority for increased investment in 2023.
The question for bank decision-makers, of course, is how to maximize their technology investments. The aim is to leverage an organization’s entire tech stack to not only drive security and reduce risk but also improve everything from efficiency and customer satisfaction to company revenue.
Hyperautomation is not always regarded as a critical tool for improved security and reduced risk. In fact, in the Gartner CIO survey only 24% of respondents said that hyperautomation was a priority for increased investment in 2023. But there are many reasons to consider hyperautomation as a powerful approach to improve security and lower risk. Here’s just one: In the IBM and Ponemon Institute report, security breaches at organizations with fully deployed security AI (artificial intelligence) and automation cost about $3 million less than those that occurred at companies with no security AI or automation.
Applying hyperautomation to a bank’s existing tech stack
To be sure, AI and automation are key elements of hyperautomation. But hyperautomation is more than those two ingredients. Indeed, hyperautomation is a holistic approach to connect a bank’s disjointed systems and transform its processes from end to end using technologies such as machine learning, AI, robotic process optimization and low-code application development.
In most banks, the application of hyperautomation must consider the realities of their technology stack. “Hyperautomation is not done to a completely new set of processes or technology,” said Simon Cox, chief transformation officer at ServiceNow. “When banks hyperautomate their business processes or technology and security, the underlying capabilities will vary from decades-old core banking system right up to the latest and greatest cloud-provided service.”
The ideal foundation for hyperautomation to help banks address security is to be sure that the organization’s risk model is built into the overall initiative. This is especially important because securing the complex and always evolving mix of technologies and processes banks use must be approached with prioritization that hyperautomation can then execute.
For instance, imagine a scenario when machine learning or AI identifies vulnerabilities on a number of bank servers. But it may not always be the right choice to immediately patch the servers. “If those servers are really old and haven’t been touched much, the risk of patching may be greater than the risk of leaving the vulnerability there, especially given the extra perimeter controls that may be in place,” Cox said. “You need to build the organization’s risk model in so that hyperautomation provides the controls and oversight the bank requires.”
The right balance between people and technology, while reducing cost
Bank digital transformation has traditionally focused on customer-facing processes. Improving security and lowering risk with hyperautomation mean applying it to internal processes in the middle and back office. This is a good starting point because internal processes around things such as money laundering and fraud have traditionally been manual and have grown more complex as risk and data models have expanded.
“They’re a great place to look for hyperautomation because a bank may not have any individuals still around who understand the complexity that has been created,” Cox said. “By using hyperautomation, you can use the machines to navigate that complexity. Banks are realizing the increasing complexity in that messy middle and back office has increased costs, but it has also increased risk because the complexity is so large that they can’t rely on employees to manage it any longer.”
Which is not to say that bank employees are removed from the equation altogether. Rather, it’s about combining the tools hyperautomation provides to focus attention where it’s needed most. Importantly, applying hyperautomation that’s hard-wired with a bank’s risk profile and security policies makes it easier and less expensive to respond if a security breach occurs. “Where things become expensive in the technology and security world related to regulation is after the incident, when the organization has to be able evidence the reasonable steps you took to prevent a recurrence,” Cox said.
This is a time-consuming, highly manual process lasting as long as 18 months to two years. Hyperautomation can accelerate that response time. “If you are able to have built into your hyperautomated technology and security the checks and balances of everything that’s been done along the way and show that every automated decision was compliant with policy and have that evidence,” Cox said, “then your response to that regulatory oversight will be far quicker and far, far cheaper.”