Fintech’s cyber risks are totally worth the reward

When US$81-million disappears from your account, you might be tempted to think it was a one-off disaster. SWIFT, the international banking transfer system however says it’s just another cyber-heist, part of a global network of attacks on its service — US$81-million from Bangladesh, and just last month, US$9-million from Ecuador.

As fintechs increases financing potential around the world, risk also increases. And since fintech is boosting global financial inclusion, more people and more money are at risk, especially those in emerging markets. In developed markets, there is a robust network of cyber defenses, but emerging markets might lack security networks. These are the top reasons for greater collaboration between fintech and cybersecurity:

Fintech needs a change of mind

Let’s just imagine fintech and cybersecurity as two parts of the same body: Fintech as the front of the horse, with great teeth and world-class mane, and cybersecurity is the rear, with strong hind legs. When reconceptualise like this, we see it makes sense, as both work towards the same aim: Making tech safe for users and industries.

However, there’s no doubt our horse has a tubby belly and could definitely do with a workout.

To achieve a leaner shape, both industries are going to have to start working a lot closer together. As fintech use takes off in emerging markets (17% of populations — more than developed markets), cybersecurity lags far behind, despite the World Economic Forum stating that cyber attacks are as severe as unemployment and climate change when it comes to the most significant long term risks worldwide. Thinking of the two industries as conjoined is the first step to reducing risk of fintech use.

Small businesses and fintech startups need to get on board

A new report entitled Small Business Reputation and Cyber Risk from Cyber Street-Wise and KPMG found that less than a quarter of small businesses cite cybersecurity as a top concern. A recent report by the Allianz Global Corporate and Specialty group determined that the only 10% of US businesses purchased cyber-insurance; A number that decreases in line with the country’s ranking in the GDP table.

The main reason for firms not buying into cybersecurity? 70% of businesses cited lack of awareness of the risks of cyber-crime. We all remember 2014’s infamous cyber-hack of J.P. Morgan – an attack on a company that invests more than US$250-million per year on cybersecurity. If that is the case for fintech — what is the vulnerability of small fintech startups? Ignorance is no excuse, particularly when consumers are at risk. There is also an imperative to build trust amongst consumers, with fintech being an industry that relies heavily on consumer trust. Cybersecurity ensures consumers are protected, while securing a fintech’s integrity, and thereby building trust among consumers.

Emerging markets need more help than developed ones

There is a difference between security qualities in emerging and developed markets. The response and retaliate infrastructure in emerging markets is weaker than in developed markets, leaving consumers the most vulnerable.

In the US or Japan, cyber threats are managed by the government in conjunction with military and security services. What’s more, cybersecurity is well-monitored, with the payment fintech Dwolla recently fined US$100 000 for not complying with data security regulations. In emerging markets, however, cybersecurity remains the province of private companies, and regulation is not as rigid. It remains a sad truth that people around the world are left to face the threats of cybersecurity insufficiently aided by governments.

Supply chains also need to be made more secure

As the problems also lie in supply chains which are weaker in emerging markets, so the financially excluded that are being included for the first time, are at risk more than usual. And it’s not just businesses or consumer-facing businesses that need to be ensured, but the entire supply-chain: If you can attack a supplier, the store and its customers are at risk.

However, in these markets, cybersecurity firms are particularly focused on working with large financial incumbents, such as J.P. Morgan in Kenya, where they are helping to develop and promote high-end security solutions for rich consumers. In Singapore, for example, in 2013, Fuji Xerox was attacked by hackers — leaving bank and fintech customers exposed through the printout of financial statements.

Older technologies need to be fixed

One argument against the introduction of more stringent cybersecurity enforcement in emerging markets is the fact that on average, off the 2 billion globally unbanked people, fewer than 60% actually own a mobile phone — and an even smaller 30% of this figure — use a smartphone. Therefore, the ‘cyber’ in ‘cybersecurity’ might be somewhat of a misnomer. What is required is a system of defenses to first consolidate and then protect digital wallets, which can be accessed via the technology that most consumers in these markets use: SMS.

So there is a two-fold problem: Not only are the fintech startups themselves vulnerable to attack, the systems they use to function are also vulnerable. This makes for a pressing case for the fintechs and cybersecurity firms to work more closely together. I recommend that regulators step in to ensure that fintechs across the world comply with strict cybersecurity rules, to ensure the entire supply chain is stronger; And of course, I recommend the development of proper authentication processes.

There has to be strong governmental support for a broad-based approach towards the issue of cybersecurity and fintech, to ensure that people in the most vulnerable markets in the world are protected. This is certainly a lot more difficult than moving an email to the spam folder.

I argue for a trickle-across effect, not a trickle-down one: It’s not that banks and large financial institutions need to pursue cybersecurity only, it’s that we should encourage SMEs to adopt more robust cybersecurity measures here at home to influence the industry’s growth across the world.