How to win the innovation war on cybersecurity
Banks are prime targets for cybercriminals who are always looking for new ways to steal money, data, and customer information. Institutions are effectively in a constant battle of innovation, requiring them to invest heavily to help predict and combat emerging threats from sophisticated criminals.
There are several factors driving the innovation battle in cybersecurity in banking. These include:
The rise of new technologies, such as cloud computing, artificial intelligence (AI), and blockchain, as it creates new vulnerabilities that cybercriminals can exploit.
The increasing expansion and complexity of financial systems, which unfortunately makes them harder to secure.
The ever-increasing sophistication of cybercriminals and their ability to use the newest technology and advanced techniques to penetrate financial institutions.
To stay ahead of the curve, banks of all sizes need to invest in new technology, such as AI and machine learning. Training for their customers, employees, and future employees is also critical, as human error is often the cause of a cybersecurity breach.
Institutions should also consider working closely with relevant organisations at both a national and regional level, like the European Union Agency for Cybersecurity (ENISA). They should embrace regulation, such as the Network and Information Systems Directive (NIS Directive), in a way that drives collaboration rather than stifling innovation.
By investing in innovation in cybersecurity, financial institutions can help to protect themselves from cyberattacks and keep their customers' data safe.
Leading the way on AI-driven cybersecurity
Cybersecurity teams must be seen as value-generating and are an integral part of a bank’s processes and operations. Their work is essential to help deliver the safe integration of emerging technologies.
At CaixaBank, we have rolled out a cybersecurity ecosystem with specialist teams and advanced technology infrastructure, to protect digital transactions from security incidents. This includes new security solutions using AI that sift through vast amounts of data, spot patterns, and predict potential threats, to stay one step ahead of cybercriminals. Machine learning algorithms are continually refined through data analysis, allowing us to identify new attack vectors and adjust security measures accordingly.
Exploring the potential of other emerging technologies like quantum computing, blockchain, and cloud services, to enhance cybersecurity measures, is also high on our agenda. By continually reviewing existing controls, conducting ongoing risk analysis and adapting to new developments, we are ensuring that our security infrastructure is robust and resistant to fast-evolving threats.
Closing the skills gap
Investing in innovation is not just about creating new technologies: it is about promoting their adoption, too. A balance must be struck between security and ease of use, but this is a complex compromise and can often be critical due to its impact on the end-user and overall business. A simple way of addressing this is to provide comprehensive training and support for employees, as well as corporate and consumer customers.
Investing in innovation is not just about creating new technologies: it is about promoting their adoption, too
In the interest of staying ahead of the curve, it is important to look beyond the current training needs, and towards those of the future. This is why we are committed to defining and supporting training for the next generation of cybersecurity professionals. The European Commission recently chose CaixaBank, alongside La Salle Campus Barcelona and other European entities, to lead a project with this ambition.
Collaborating across Europe
By working together, European banks – and indeed sovereign nations – can share information and resources, to develop better cybersecurity solutions at a lower overall cost of investment. Institutions should work closely with organisations like ENISA, the agency dedicated to a higher common level of cybersecurity across Europe, to share knowledge, and build capacity in the battle against cybercrime.
CaixaBank is currently participating in several EU-funded projects, in which public-private consortiums, including industry and research entities, have joined forces to explore new ways of fighting against cyberattacks, especially using AI. Our role in those projects is to lead cybersecurity and fraud prevention pilot cases that enable the bank to test solutions developed in the real-life environment of a financial institution.
Regulation: A key driver in CaixaBank's cybersecurity innovation
Regulation is another determinant factor in cybersecurity innovation. Given how highly regulated the banking sector is, regulations like the NIS Directive have a significant impact on cybersecurity evolution in the industry. They will often require institutions to provide minimum cybersecurity guarantees and help to foster an environment for innovation.
While some upcoming regulations, like the European AI Act, which aims to ensure that AI is deployed responsibly, may seem to limit innovation potential, they are necessary to prevent over-reliance on AI and maintain a certain level of explainability in decisions made by AI-governed machines and devices, allowing for supervision and correction.
CaixaBank operates under strict regulatory oversight, and we are dedicated to complying with regulations like the NIS Directive and the Digital Operational Resilience Act (DORA). By fully embracing these laws, we ensure that we are innovating in ways that are intended by the regulators. We understand the importance of striking a balance between leveraging AI's potential and ensuring transparency and accountability in AI-driven decisions.
A comprehensive, strategic approach that is constantly evolving
The cybersecurity innovation war is one that is fought on many fronts. To win it, banks need a comprehensive and constantly evolving strategy that covers everything from technology through to compliance and people. This is not a static field. Cybersecurity is constantly evolving; banks must stay vigilant, proactive, and continue to invest.