Connecting cyber and innovation

The explosion of new FinTech companies, many of which are set aggressive growth targets by their venture capital backers, may have started to swing a delicate balance in a dangerous direction. Too often new financial services companies value innovation and speed-to-market above security.

Perhaps the first problem is that companies view this as a balance or a trade-off at all. Running effective cyber security is seen as ticking a compliance box, and sometimes as a blocker to innovation.

It shouldn’t be this way. There are significant commercial imperatives and innovation opportunities behind investing in cyber security.

So, what are the commercial imperatives?

Growing public and customer awareness around personal data has led to more scrutiny of companies, particularly those in the B2C space, with regards to how they handle customer data. Customers are increasingly aware of data privacy and want to see that companies handling their data are doing so responsibly.

This environment of consumer awareness and concern around data, combined with lower barriers to switching, is creating a huge commercial imperative for companies to act. More than ever, trust and confidence in financial services firms depends critically on secure and robust security systems. Those that do it well will ensure that digital trust is at the core of their proposition. Those that don’t will find their customers voting with their feet and switching supplier.

This is especially true for businesses selling products and services through an app, where switching rates tend to be higher.

The opportunities for innovation through cyber security should also be considered.

Organisations need to think creatively about cyber security, otherwise it will be used as a stick to beat down new ideas. A first step towards ensuring your approach to cyber security fosters new ideas, rather than impedes them, is to integrate cyber security and digital innovation teams.

If security isn’t in the design and architecture of a product from day one, it’ll be back to the drawing board when something goes wrong. Jumping head-first into a product without any regard to cyber security will add unnecessary levels of risk, and companies that don’t change their ways will fall behind.

Robust cyber security in a FinTech is also becoming increasingly important when it comes to raising capital.

Investors and venture capitalists are increasingly scrutinising the overall cyber health of companies they’re considering investing in. The savviest investors analyse how products has been developed, what kind of product relief mechanisms are in place, what has been implemented (or hasn’t), and are looking at those gates where cyber experts should be signing off that it is a secure design and has been tested at appropriate points along the way.

Companies who are successfully integrating cyber and innovation will pass these security litmus tests for investors much faster than those who don’t and will consequently find raising money on their terms much easier.

The case for investing in cyber security, integrating the right people and thinking across a company is clear. Companies must understand their specific threat profile and apply expertise to the right places. Attempting to cover every conceivable risk tends to leave your most vulnerable areas under-protected.

Ultimately, it’s a clear message. Increasing consumer awareness around personal data, siloed innovation and cyber teams and investor scrutiny around cyber health all point to an opportunity for organisations to build in security by design. That way, they can seize the chance to make cybersecurity a commercial advantage and realise the business benefits.