There’s emerging technology investments for corporate finance through 2024…but don’t forget the security.
A study of finance organisations in taken by analyst firm Gartner in November 2020 showed a widespread intent to invest in emerging technologies in the next three years, with cloud enterprise resource planning (ERP) being the most favoured choice.
“Many finance organisations are trying to figure out the digital landscape and ways to identify and execute cost savings opportunities in order to allocate more funding to digital initiatives,” said Dan Garvey, vice president in the Gartner Finance practice. “As with many business functions, COVID-19 has accelerated the pace of finance investment in digital transformation.”
While digital transformation has been a major priority for finance organizations in the past, the pace of transformation has materially changed. “Digital investment and transformation are no longer things that CFOs can take a ‘wait and see’ approach on or throw small investments at. The time is now, and CFOs need to act swiftly,” said Garvey.
Advanced data analytics, data storage, and robotic process automation (RPA) were all likely areas for investment in the next three years, while artificial intelligence (AI) and blockchain were less common responses
“It’s not surprising to see cloud ERP as the top choice for finance organizations because it is a maturing technology with clearly established benefits that offer an escape from the bloated ‘monolithic’ ERP systems of yesteryear,” noted Garvey. “Advanced analytics, data storage and RPA are also all established technologies with well-proven use cases in finance.”
AI and blockchain, however, are not so well-established and for many finance organizations would pose bigger implementation problems and a less certain return on investment. Moreover, it is possible to get some exposure to the potential benefits of AI without investing directly.
“Many cloud ERP and advanced analytics offerings are increasingly offering embedded AI capabilities, and that neatly solves many challenges around integration and in-house expertise,” he said. “There’s no doubting the potential of building your own AI, but is the finance organisation capable of realising that potential?”
Blockchain also has great transformative potential, but right now out-of-the-box use cases are also limited and not applicable to most of the work that the finance organization conducts. The size of the business in revenue correlates closely with its propensity to invest in AI, Blockchain or the Internet of Things (IoT).
“This is likely in part because of the sophistication of an organization’s IT infrastructure,” said Garvey. “Implementing AI, blockchain or IoT is unlikely to be simple, and there is lower hanging fruit for most finance organisations that want to drive meaningful gains with emerging technologies.”
However, the Financial Services Information Sharing and Analysis Center (FS-ISAC) warns that more than 100 financial services firms were targets of a wave of Distributed Denial of Service (DDoS) extortion attacks conducted by the same threat actor.
The criminals sent extortion notes threatening to disrupt the firms’ websites and digital services. The threat actor methodically moved across jurisdictions in Europe, North America, Latin America, and Asia Pacific, hitting dozens of institutions within weeks.
They targeted the full gamut of financial services companies: banks, fintechs, exchanges, card issuers, payments companies, insurance companies, credit bureaus, asset managers, money transfer companies, and payroll companies.
FS-ISAC credits its members’ willingness to share cyber intelligence with mitigating the impact and threat for the financial services industry. Members were able to keep up with the rapid pace of attacks using the FS-ISAC Intelligence Exchange’s secure chat and intelligence sharing capabilities, which enables industry collaboration and discussion in real time.
To increase industry-wide cross-border cyber intelligence sharing, FS-ISAC launched the Global Leaders award program. This is a company effort to elevate the profiles of members in the financial services community who actively share cyber intelligence and best practices across borders.
“Today’s cyber criminals know no borders. An attack on a bank in Asia could be a harbinger for an attack on an insurance company in the US, a stock exchange in Latin America, or a fintech in Europe,” said Teresa Walsh, global head of Intelligence at FS-ISAC. “This wave of attacks has shown how critical global cyber intelligence sharing is. Members sharing specific details of attacks enable other members to prepare and defend against them, lowering the return on investment for threat actors. Our Global Leaders program builds on these network effects by elevating those who share to benefit the entire community.”
The attacks have slowed but the recent boom in cryptocurrencies such as bitcoin, which cyber criminals use to demand payment, could incentivize other attacks.
“In 2021, we have already seen new cyber threats in the form of supply chain attacks, which we can expect to proliferate and evolve quickly. The only way to stay ahead of these ever more sophisticated threat actors is to collaborate,” said Jerry Perullo, CISO at ICE/NYSE and FS-ISAC Chairman of the Board. “Now more than ever, we need Global Leaders to model what effective sharing looks like to the rest of our community as well as the industry at large.”
In the Asia Pacific region, the Monetary Authority Singapore (MASO recently released guidelines for its financial sector, citing the rapid changes of technology in the financial sector.
According to MAS the underlying information technology (IT) infrastructure supporting financial services has grown in scope and complexity in recent years. Many financial institutions (FIs) are riding the wave of digitalisation to increase operational efficiency and to deliver better services to consumers.
While digital transformation brings significant benefits to the financial ecosystem, it also increases FIs’ exposure to a range of technology risks, including cyber risk.
The techniques used by cyber threat actors are becoming increasingly sophisticated, and weak links in the interconnected financial ecosystem can be compromised to carry out fraudulent financial transactions, exfiltrate sensitive financial data or disrupt IT systems that support financial services. Each FI should seek to understand their exposure to technology risks and put in place a robust risk management framework to ensure IT and cyber resilience.
MAS recommends finance organisations:
- Establish sound and robust technology risk governance and oversight
The board of directors and senior management at an FI play an integral part in the oversight and management of technology risk. The board of directors and senior management should cultivate a strong risk culture and ensure the establishment of a sound and robust technology risk management framework.
- Maintain Cyber Resilience Strong
Cyber resilience is critical for sustaining trust and confidence in financial services. FIs should adopt a defence-in-depth approach to strengthening cyber resilience. It is also important that FIs establish and continuously improve their IT processes and controls to preserve confidentiality, integrity and availability of data and IT systems.