Consumers trust digital operations of banks, yet a reality check may be looming

13 February 2017

Banks continue to be widely trusted by consumers to be secure and good stewards of their most intimate information. A new survey highlights however, that the majority of banks either has weak security and data privacy policies, or is weak in one of the two areas. The introduction of the General Data Protection Regulation next year may disclose just how porous bank defences are, with considerable negative consequences for banks and insurers – 74% of consumers say they would consider shifting to a competitor on a breach.

As breaches become more common in cyberspace, resulting in more and more consumers’ personal, and private, information ending up on the street – consumers end up finding themselves in considerable uncertainty and, if unlucky, left behind with time consuming problems. While a number of sectors, and companies, have suffered considerable reputation damage from breaches, others continue to enjoy relatively positive consumer sentiment about their relative safety.

In a new report from Capgemini, titled ‘The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer and More Secure’, the consultancy firm explores in how far financial services institutions, banks and insurers, have developed their defences, as well as the perception of consumers about the industry as a whole. The study involved 7,600 consumers across eight countries, as well as interviews with 183 senior security and privacy professionals from global banking and insurance organisations.

Strength of data privacy of policies vs. strength of security framework

The research highlights that there are considerable gaps among a large number of banks and insurers surveyed. As it stands, around 29% of those surveyed have both strong data privacy policies and a strong security framework in place. 31% of respondents however, are weak in both categories, with the largest chunk of respondents particularly weak in terms of the strength of their data privacy policies.

Around 20% of respondents have strong a strong security framework in place, but lack strong data privacy policies, while a further 20% have a strong data privacy policy in place but do not back it up with a strong security framework.

How financial services organisation fare on key security and privacy parameters

To get a better sense of what distinguishes the pace-setters out from the laggards, the firm asked respondents to identify their respective capabilities and procedures across a number of key security and data policy parameters.

While 29% of those surveyed were shown to have relatively strong security and data privacy policies in place, few of the respondents (21%) say that they are highly confident of detecting a data breach. Almost the majority of respondents (49%) say that, when a vulnerability is found, it takes between three months and a year to patch. Few of the respondents (40%) have a robust and fully automated cyber threat intelligence capability at their disposal.

The research also found that a large number of respondents continue to retain customer data even after the customer has moved elsewhere – which, if the reason for the move was a data breach, may continue to incite customer ire as well as risk (further) exposure. Few of the responding institutions (21%) update their data consent clause when they refresh their data policy.

Trust in financial institutions is significantly higher than for other sectors

While the study highlights that banks and insurers leave much to be desired when it comes to cyber security and data privacy policies, they continue to attract considerable trust from consumers, at 83% of consumers surveyed. Alternative payment providers come in second, at 49%, while e-commerce firms, which have seen mega scale breaches, come third on 28%.

Telecom firms, retailers, social networking sites and FinTech firms are all seen as untrustworthy by the vast majority of respondents. While banks have thus far continued to enjoy positive perception from consumers – the stark reality of breaches in the industry will need to be disclosed from next year within 72 hours of discovery, as part of the General Data Protection Regulation regulations.

Primary reasons for not using digital channel

Security concerns, particularly when trust is broken, results in 47% of consumer respondents being deterred from using a digital channel. Unsecured websites were found to be the primary reason for not using a digital channel by 29% of respondent comsumers for insurance, 32% for banking and 31% across all websites. Unsecured mobile apps were the primary reason for a consumer not to use the digital channel in 31% of cases for insurance and 35% for banking.

The potential misuse of data was cited by respondents as the most concerning however, with 40% of respondents not using insurance digital channels on the basis of the risk and 33% avoiding baking on basis of the risk. The firm notes that addressing the respective concerns, or mitigating the creation of such concern in the future, would create considerable benefits for financial services firms – not least because transaction costs online are 43% lower than at a branch.

Likelihood to switch across geographies

Banks also risk losing customers if it becomes clear that their security or data use policies are lax and/or intrusive. The report notes that across all respondent countries, 74% of consumer respondents say that they would switch institution if there was a data breach at their current provider. In the UK this rose to 80%, while in the Netherlands it fell to 58%. Germany and Spain too are particularly concerned, at 83% and 90% respectively – in Spain this is partly the result of data breaches in recent years.

Mike Turner, Global Cybersecurity Chief Operating Officer at Capgemini, says, “Consumers implicitly trust banks with their money and data, but this faith is rooted in a mistaken belief their provider can be 100% secure. While banks are evolving to combat the sophisticated threat cybercriminals pose, public understanding of the threats and challenges remains low.”


Grant Thornton advises on deal for high-growth cloud hosting firm

08 April 2019

Grant Thornton’s North West Corporate Finance team has completed its first TMT deal of 2019. The professional services firm advised the shareholders of Hosted Desktop UK on their investment from specialist SME lender Beechbrook Capital.

Technological disruption and changing consumer behaviour have continued to affect top Technology, Media & Telecommunications (TMT) players in recent years. The industry has seen revenues border on stagnation over the past decade, at 0.4% annual growth since 2008. While the industry is keen to develop new digital services and models to meet market challenges, they face a range of barriers – meaning the recruiting of talent specialising in innovative software and technology has become a key goal for the industry.

Amid this, Hosted Desktop UK (HDUK) provides cloud computing services to small and medium sized businesses across the UK. The firm’s cloud solutions provide businesses with IT reliability, flexibility, value for money and business continuity. As the firm bids to grow in the UK, with demand for its disruptive technologies high, HDUK has secured a key investment from specialist SME lender Beechbrook Capital.

Grant Thornton advises on deal for high-growth cloud hosting firm

The transaction was Beechbrook Capital’s maiden deal from its latest UK SME credit fund, which supports small and medium-sized businesses in the UK with EBITDA of £1 million and above. Manchester law firms Pannone Corporate (sell-side advice, led by Mark Winthorpe) and DWF LLP (buy-side advice, led by Jonathan Robinson) also advised on the deal, while Grant Thornton’s North West Corporate Finance team advised HDUK’s shareholders.

The deal represents the Grant Thornton branch’s first TMT deal of 2019, with a team comprised of Partner and Head of Corporate Finance Peter Terry, Manager Daniel Brecker and Assistant Manager Cariad Mudford advising HDUK shareholders on the investment. It is the third key deal in the TMT sector that the GT North team has advised on in the last 18 months, following the £16.5 million sale of Salford-based Sonassi to Iomart in December 2017 and NorthEdge Capital’s investment in Yorkshire company iPortalis in August 2018.

Grant Thornton’s Peter Terry said of the news, “As our domestic and working lives become ever-more technology dependent, it’s no surprise that there continues to be strong investor interest in any asset in the cloud computing, data infrastructure and connectivity space… We were pleased to work with Beechbrook Capital on the first deal in its new fund. It shows that despite the well-documented uncertainties in the economy there are still good funding options for dynamic SMEs and their management teams.”