Sri Lanka's digital transformation drive is prompting banking, insurance, and retail firms to overhaul their cybersecurity strategies. Akhilesh Tuteja, Global Cyber Security Leader at KPMG, notes that while technology has empowered smaller businesses, the ongoing costs of maintaining and securing these systems pose challenges, especially for smaller entities. Tuteja advises firms to carefully assess total ownership costs and prioritize security.
Key threats include maintaining round-the-clock system security, safeguarding customer data, and managing risks linked to third-party services. With the adoption of IFRS 17 in Sri Lanka, firms must securely consolidate data and enhance controls. Balancing digital innovation with cybersecurity is paramount, and KPMG is poised to guide firms in making informed technology decisions and to help enhance their security investments.
How should the Sri Lankan banking, insurance, and retail sectors adapt cybersecurity strategies to support national digital transformation?
Technology, especially in IT, has levelled the playing field, enabling small companies to compete with larger ones by accessing the same tools and achieving quick results. However, the initial cost of technology can be deceiving. Like a seemingly affordable printer with costly ink and paper, new technology incurs ongoing expenses for maintenance and security. Smaller companies can adopt technology more easily but often face security challenges. My advice to Sri Lankan companies is twofold: consider the total cost of ownership, including maintenance and security, and ensure you have robust security measures in place before investing.
What are the main cybersecurity threats faced by banking, insurance, and retail? How can they best prepare and defend against them?
In the banking, insurance, and retail sectors, maintaining cybersecurity is critical due to their round-the-clock operations and customer demands for uninterrupted service. Cloud computing offers continuous, secure operations, but challenges persist in safeguarding customer data and complying with evolving regulations. Companies must educate users to recognize and avoid online threats like phishing scams. The reliance on subcontractors and third-party services further complicates data security, requiring robust risk management strategies. Ensuring customer trust and preventing fraud are paramount. Companies in these sectors must continuously update their cybersecurity measures to mitigate these risks and maintain the integrity of their operations.
As companies move towards implementing IFRS 17, what role does cybersecurity play in this transition? And what steps should firms take to ensure their technological infrastructure supports both compliance and security?
Congratulations to the regulators and the insurance industry in Sri Lanka for embracing IFRS 17. This progressive standard elevates everyone to an international level, which is commendable. However, transitioning to IFRS 17 is challenging.
It requires systems to operate differently and to reassess revenues and expenses. The primary technological challenge is consolidating data from various systems into a reliable, trustworthy source. Data integrity is crucial.
Additionally, moving from decentralized systems to a centralized platform introduces a single point of failure, increasing vulnerability. Therefore, companies must enhance their controls and security measures. Ensuring data integrity and system security is vital for a successful IFRS 17 transition.
With the increasing digitalization of the retail industry, how can companies balance the benefits of digital innovation with the need to protect against heightened cyber risks? And what best practices should they adopt to safeguard their digital assets?
Technology is a tool that has two faces; it offers great benefits but can also be risky. When it fails, it can cause widespread issues due to its fast, integrated nature. Retailers face major challenges, particularly in privacy and user experience. Different generations require tailored experiences, like my mother and daughter: one savours unwrapping gifts slowly, while the other does it in seconds.
Retailers need diverse interfaces to cater to these varying needs, complicating security. For example, banks now manage multiple platforms—websites and mobile apps—across various operating systems. Simplifying user interfaces, like modern cars, increases complexity behind the scenes. CEOs often mistake simplicity for ease of use, but robust, complex engineering is essential for protection.