Cape Town - Local banks are learning fast but cybersecurity in South Africa's financial system is hampered by the country's dearth of highly sophisticated skills in that area, says an industry expert.
The growing threat of online security breaches is forcing banks worldwide to seek out new skills and techniques from the defence and counter intelligence communities.
Not surprisingly, Deloitte’s 2015 Banking Outlook report has found that cybersecurity is a top concern for banks around the world.
According to the report, cybersecurity has been one of the top seven focus areas for banks in 2015 alongside traditional banking concerns such as data management, compliance and risk, payments transformation, growth, banking mergers and acquisition activity, and balance sheet efficiency.
However, South Africa's lenders could be underestimating the severity of the global cybersecurity threat.
“Cybersecurity has hit South African shores in a big way in recent years but I’m not sure the local market realises the scale and severity of the threat,” said Darren Shipp, Industry Lead for Banking Assurance at Deloitte Southern Africa in a statement on Monday.
Allthough South Africa’s financial system is highly sophisticated, it has not yet faced the same level of sophistication in terms of the cyber threats it has had to deal with, said Shipp, "certainly not on the same degree as that experienced by the US banking sector”.
A major concern for local banks is South Africa's shortage of highly sophisticated cybersecurity skills. This limits the degree to which the industry can put measures in place to combat possible threats, according to Shipp. What makes it worse is that competition for these skills is also exceedingly high.
“The skills set needed to counter the highly sophisticated cyber threats emerging from places like China and Russia are few and far between in South Africa,” said Shipp.
He added that local banks are making strides but have also been insulated to some extent as most of the cyber threats faced by them have been fairly localised.
However, that is no grounds for complacency, warned Shipp. "At the moment South African banks are not at the top of the list of people who may want to create havoc in financial markets, but that could change very quickly.”
The report said banks will have to proactively manage third-party vendors to mitigate the potential cybersecurity threats posed by them.
It also highlighted the fact that smaller banks may be at greater risk from cybersecurity breaches, given the extent and scale of the skills needed to shore up cyber defences against these kind of attacks.