Security

Established players in the financial services space can use their deep security experience to differentiate themselves from rising FinTechs. However, with cyber crime on the rise, now is not the time for complacency.

x

How you can use the RetailTech Model

The first stage is Research & Development, when an innovation is not fully-fledged and has not yet been adopted beyond prototypes, trials or POCs.

New technologies typically go through 5+ years of R&D, though the timeframe will vary substantially depending on the degree of innovation entailed.

.
next

Model Stages

The Leading Edge stage indicates when an innovation has moved out of R&D and into operation. Approximately 5% of the market adopts the innovation at this stage, usually start-ups and a few industry players known for being forward-looking.

Sometimes, an innovation is picked up from another sector. As indicated in the timeline below, it typically takes 1 to 3 years to move from the Leading Edge to Early Adopters stage.

.
back
next

Model Timeline

At this stage organisations are more risk averse than those at the Leading Edge, but are still keen to be in the industry’s upper quartile and adopt a new technology.

The broad timeline for technologies to remain at this stage is 2 to 5 years at which point they will have reached around 25% market adoption.

.
back
next

Model Origins

By this point a technology or business innovation can be considered as Mainstream since it will have been implemented by around 50% of the market.

2-5 years is the typical timeframe for this stage.

.
back
next

Model Lenses

Technologies in the Late Adopters stage have been widely adopted across the industry with 80% - 100% of the market using them after a further 5+ years.

Not all technologies end up being adopted by everyone, with some 20% of technologies never reaching full adoption.

.
back
more lenses
R&D

The first stage is Research & Development, when an innovation is not fully-fledged and has not yet been adopted beyond prototypes, trials or POCs.

New technologies typically go through 5+ years of R&D, though the timeframe will vary substantially depending on the degree of innovation entailed.

. .
5+
Leading Edge

The Leading Edge stage indicates when an innovation has moved out of R&D and into operation. Approximately 5% of the market adopts the innovation at this stage, usually start-ups and a few industry players known for being forward-looking.

Sometimes, an innovation is picked up from another sector. As indicated in the timeline below, it typically takes 1 to 3 years to move from the Leading Edge to Early Adopters stage.

. .
5%
1-3
Early Adopters

At this stage organisations are more risk averse than those at the Leading Edge, but are still keen to be in the industry’s upper quartile and adopt a new technology.

The broad timeline for technologies to remain at this stage is 2 to 5 years at which point they will have reached around 25% market adoption.

. .
25%
2-5
Mainstream

By this point a technology or business innovation can be considered as Mainstream since it will have been implemented by around 50% of the market.

2-5 years is the typical timeframe for this stage.

. .
50%
2-5
Late Adopters

Technologies in the Late Adopters stage have been widely adopted across the industry with 80% - 100% of the market using them after a further 5+ years.

Not all technologies end up being adopted by everyone, with some 20% of technologies never reaching full adoption.

. .
80%-100%
5+

The first stage is Research & Development, when an innovation is not fully-fledged and has not yet been adopted beyond prototypes, trials or POCs.

New technologies typically go through 5+ years of R&D, though the timeframe will vary substantially depending on the degree of innovation entailed.

The Leading Edge stage indicates when an innovation has moved out of R&D and into operation. Approximately 5% of the market adopts the innovation at this stage, usually start-ups and a few industry players known for being forward-looking.

Sometimes, an innovation is picked up from another sector. As indicated in the timeline below, it typically takes 1 to 3 years to move from the Leading Edge to Early Adopters stage.

At this stage organisations are more risk averse than those at the Leading Edge, but are still keen to be in the industry’s upper quartile and adopt a new technology.

The broad timeline for technologies to remain at this stage is 2 to 5 years at which point they will have reached around 25% market adoption.

By this point a technology or business innovation can be considered as Mainstream since it will have been implemented by around 50% of the market.

2-5 years is the typical timeframe for this stage.

Technologies in the Late Adopters stage have been widely adopted across the industry with 80% - 100% of the market using them after a further 5+ years.

Not all technologies end up being adopted by everyone, with some 20% of technologies never reaching full adoption.

New technologies, new vulnerabilities

With cyber crime on the rise, IT security has become a board-level issue of paramount importance to financial services institutions. At the same time, established organizations have found they can use security to differentiate against FinTechs and other new entrants that have not developed the same level of trust and expertise.

In the past, banks have concentrated primarily on securing clients’ money, but measures like the General Data Protection Regulation have focused attention on securing personal information, including IP addresses and pseudonyms. Crucial to this demand is rich analytics that can automatically identify the most-critical and sensitive data for protection in use, in transit and at rest. Beyond compliance, organizations are starting to think about how to generate business value from client data.

Leading-edge organizations are capturing biometrics as an integral step to improving customer service. For instance, biometrics can be part of the account-opening process so that customers can be fully digitally enabled from the start. Shared solutions are emerging, such as industry-based approaches to Know Your Customer in Canada and South Africa. The logical next step is a federated identity scheme, similar to those in place in Scandinavian and Eastern European countries. A comparable innovation is API-based identity management solutions, with innovative banks exploring identity-as-a-service through secure APIs.

Cognitive security based on self-learning systems allows organizations to learn from vast amounts of system-generated data and adapt their defenses automatically. For example, machine learning strengthens endpoint security, sensing new and unknown malicious behavior in real time. Indeed, security solutions are moving steadily closer to the asset that has to be secured. The real driver here is advanced persistent threats (APTs) that sidestep the business process controls, such as segregation of duties, in which banks have placed so much trust. Defense-in-depth security is now the dominant strategy.

New technologies come with new vulnerabilities, with defense often half a step behind. IoT is a case in point. Numerous warnings have been raised about IoT risks, from self-driving cars being hijacked to viruses infecting pacemakers. Another IoT risk comes from distributed denial-of-service (DDoS) attacks.

Blockchain promises to address many security issues. The underlying principle of blockchain as a distributed ledger reduces fraud because each participant holds an immutable copy of the ledger. Yet, as organizations deepen their investigation of blockchain, they uncover new security issues, with central exchanges and private keys becoming cause for concern.

In parallel with these technology developments, there is a realization that effective security comes down to governance. Overall accountability is moving from the CISO to the Chief Risk Officer (CRO) who sets strategy based on the business value of information. Beneath the CRO, responsibility is fragmented across business, technical and risk functions, bringing to the fore the need for effective governance and information reporting using all-encompassing security dashboards.

Explore these and other trends in the Security Technology lens of our Innovation Model.

expert-image

Security Expert

Dimitrios Petropoulos
DXC Security Practice

Arrange a meeting with Dimitrios Petropoulos

Are you interested in exploring specific lenses?