Cybersecurity is now a major area of concern for the banking industry as 52% of banks in the country are at high cyber risks, according to the findings of a study by the Bangladesh Institute of Bank Management (BIBM).
The country's banking sector has undergone a massive digital transformation over the past five years thanks to heavy investment in information technology (IT), but spending for cybersecurity and IT training is still very low, putting most banks at risk of cyberattacks, the study has found.
The banking sector faces a maximum of 630 cyberattacks every day and some 32% of the banks are at moderate cyber risks, while only 12% are at low risks, according to the study titled "Cybersecurity landscape of banking in Bangladesh and recommendations."
The findings of the study were revealed by Md Mahbubur Rahman Alam, associate professor of the BIBM, on Sunday – the first day of a two-day cybersecurity summit being held at a city hotel.
The Association of Bankers, Bangladesh (ABB) has organised the first ever cybersecurity summit in the country where local and international experts have been invited to dig deeper into the major challenges that the banking sector is facing.
Attending the summit "Building cyber resilience for banks", Bangladesh Bank Governor Fazle Kabir called upon banks to invest heavily in cybersecurity.
ABB Chairman Selim RF Hussain, who chaired the opening session of the summit, said, "As cybercrime is on the rise in this age of digital banking, we must prepare ourselves to tackle the risk. We think a stronger collective response and knowledge-sharing are essential to face the increasing cyber threats."
The BIBM study has found that most of the attacks, 24% to be precise, come from China, followed by Russia 12%, and North Korea 13%.
Bangladeshi banks experience 72% of total online frauds through the SWIFT system in terms of value, while 20% of the frauds are executed through banking software, and the rest through other digital channels such as mobile banking, internet banking clearing, and ATM, according to the study.
A lack of in-house IT expertise is identified as one of the major weaknesses that are putting banks under cyber threats.
Banks are suffering from a shortage of IT-skilled manpower as they spend less for IT training and security systems.
Since the year 2020, the banking sector has thus far invested a total of Tk42,609 crore in IT, says the study report, adding that the amount of IT investment was Tk1,666 crore in 2020, of which 71% were spent for software and hardware, while only 3% was spent for training, and 5% for security. As a result, 50% of bank employees have a very poor knowledge of IT.
The study has also found that vendors are mostly behind the cyber security breach and bank employees are in the second position in this regard.
According to the study report, IT increases the efficiency and productivity which ultimately impact banks' profitability. For instance, the total number of banking transactions – both online and manual – was 738 crore in 2021 when the number of employees was 1.94 lakh. Managing the same amount of transactions would require 9.86 lakh employees in 1980. This means productivity increased by nearly five times in 40 years, thanks to digitalisation.
Of the total transactions in 2021, 70% were held through the digital channel.
Digitalisation has also helped banks cut their operational cost significantly, says the report, adding that the average cost of per transaction through banks' branches is Tk90, while the cost is only Tk1.74 in internet banking, Tk52 through ATM, Tk1.5 in mobile banking, and Tk32 in agent banking.
The average branch banking cost per transaction worldwide is Tk4.25, while it is less than Tk1 in internet banking, according to the study.