What cost cyber security? New perspectives on digital change

Posted on: October 22, 2018 by Michael Davison

Why should consumers of financial services worry about cyber security? After all, their banks, insurers, pension providers and investment houses look after that, day and night. It isn’t for customers to intervene (how could they?) to improve the security of those firms’ data and systems.

Is there more to it than that, though? Although most of us will be aware of ‘cyber’ and its risks and dangers and the steady stream of reports of massive data losses from around the world, very few have a detailed technical grasp of what a cyber attack might be, what cyber defences their financial services providers have put in place to protect customer data or what their personal role, if any, might be in reducing such risks.

Having researched citizens and businesses’ knowledge, attitudes towards and personal actions to counter cyber threats(i), Atos has discovered that each of these is shifting in ways that are highly relevant to progressive financial services firms and that there is a set of unexpected relationships between cyber security, digital change and customer experience which offer solid grounds for leaders to differentiate themselves.

Firstly, awareness, expectations and their impact on trust between customer and financial services provider are all on the march.  

Consumers have become significantly more aware of cyber threats (73%), with most of these (68%) becoming more aware that cyber attacks could affect their daily lives.

The wider impact on customer-firm relationships is demonstrated by 58% claiming that they were unsure whether they would trust an organisation after a cyber attack.

So, customers are starting to doubt the trustworthiness of organisations, even those as safe as banks, insurers, pensions providers, investment houses, to look after their data.  This can’t be good news for those industries, however much they might choose to rely upon customer inertia to see them through.

Secondly, the question of shared responsibility between firm and customer to keep data safe is starting to crystallise as awareness and understanding increases. 

General awareness of the importance of safe and legitimate storage and usage of personal data has perhaps never been higher, following the impacts that the General Data Protection Regulation has had every piece of commercial or citizen communication.

This high awareness translates into low customer tolerance of data breaches, with 69% agreeing that organisations should be fined and 80% agreeing that organisations should be held more accountable than they are now, should they suffer a data breach.

But at the same time, an even higher number (87%) accept that they too have a responsibility to keep their information safe and almost the same number (85%) that they personally could do more to discharge that responsibility.

So, the general population is now more aware both that the data environment has changed and that they are mostly not doing enough to look after their own data in their daily personal and commercial lives. Indeed whilst 40% admitted they did nothing to protect themselves an encouraging 52% said that was because they didn’t know how to.

Why encouraging? Well, it’s a strong signal that industry, commerce as well as government have a great deal more to do to drive down every avoidable source of cyber threat and to practice the basics of safe data usage. Keeping passwords confidential and changing them periodically. Shredding financial documents which are no longer needed. Securing mobile devices.  Managing permissions on websites. Keeping financially personal phone conversations private.

Thirdly, cyber security if now a factor in 58% of customers’ choices of which organisation to award their business to.

It follows that this number will be equally ready to exercise their rights to terminate relationships with organisations which prove themselves and data supply chains to be untrustworthy. 66% go on to say that they expect organisations fully to protect their customers which, on the face of it, is a reasonable expectation.

So, it would appear that banks, insurers, pension providers and investment houses, still deemed amongst the safest of all organisations, will see fewer customers in future if they fail to secure their data adequately.

But, it’s not all one way. Customers are realistic about what it takes to be kept safe.  56% claim to be willing to compromise their experience, from slower service delivery (66%) or more complex log in (59%), in order to enjoy higher levels of security.

And there is a very strong relationship between visible security action by organisations and the level of trust which customers have in those organisations. On the basis that firms increase investment in advanced technologies, 67% of customers would trust them more.

But, when sensitive data is lost, is it as simple as customers defecting to the competition ‘en masse’?

So far, the evidence suggests not but the financial, operational and reputational pains are so intense that losing customers may be among the lower of their immediate priorities.

As well as clearing up the breach, restoring service, compensating customers, satisfying regulators, shareholders, the media and government, there are undoubtedly other things which progressive financial services organisations can do to retain customers through data breaches and maintain their trust.

These are three-fold.

  1. Engage in long-term digital transformation right across the enterprise to modernise how work is done, to benefit customers as much as to save cost.
  2. Redesign and then deliver great customer experience for their customers.
  3. Demonstrate that cyber security is built into the very fabric of the infrastructure, clouds, applications and end-points which deliver the services they need and love to use.

With these risks and opportunities in mind, these claims make a lot of sense to me:

‘Customers will use services more if they think they’re secure and they’ll be more tolerant of cyber security measures if they understand them.’(ii)

Customers are more likely to accept more security measures if their digital experience is well designed. But they need to understand the benefits to them and they may need your guidance for that.’ (iii)

‘Cyber security is now a differentiator in a world where customers will not use digital services they don’t trust. Digital innovation in cyber security will give you a competitive edge.’ (iv)

Security and digital are now indivisible elements of the modern organisation.  Those who get it right have the strongest chances of longevity and success and, this research suggests, customers are ready to reward those who do with their loyalty, their funds and their good will.

And that’s an outcome worth fighting for.


(i) The Currency of Cyber Trust, Atos, April 2018. Sample: > 3,000 UK citizens and businesses

(ii) Phil Aitcheson, Atos Head of Cyber Security and Mission-Critical Systems. Amos UK&I

(iii) Sandy Forrest, Atos Client Executive, Cyber Security, Atos UK&I

(iv) Tom Swanson, Chief Digital Officer, Atos UK&I

Share this blog article

About Michael Davison

Industry Principal, Financial Services
Michael Davison is Industry Principal, Financial Services for Atos UK and Ireland. He brings the FS industry perspective to bear in developing Atos’s Financial Services market and customer offerings and projecting Atos’s points of view on key industry issues through Atos and public digital media, conferences and seminars.   Michael’s career in financial services spans some 30 years consulting at IBM and PriceWaterhouse Coopers and at the centre of Lloyds Bank’s bancassurance businesses.  Michael recently developed Atos’s ‘Hybrid Cloud for Financial Services – Data Analytics’ solution with Microsoft and Dell EMC and drives the research and development arm of  Atos’s global Fintech Programme.

Follow or contact Michael