Fintechs and cyber security

Exactly three years ago I left my Senior Security Advisor role at Microsoft to establish a security engineering and penetration testing consultancy, working primarily with fintechs at Level 39 and elsewhere. Three years is a long time in this business, and it seems a good time to reflect on what has and hasn’t changed since.

First, what has changed: fintechs of all stripes have dramatically proliferated, partly thanks to various accelerators and incubators, but what is more important, both fintechs and regulators appreciate the need for cybersecurity more than before.

Fintechs are now more security-aware and realise that a single security compromise may seriously undermine customer trust and endanger their chances of success. Awareness then has certainly increased. So what hasn’t changed?

Despite being more aware of cybersecurity risks and failures, most businesses, new and old, fintech or not, are still far away from being able to honestly say that they have engineered a secure product and operate a secure service — or that they have independent assurance to prove it.

Some only act when clients, investors or regulators ask for penetration test results or security policies.

For others, security or otherwise of their product too often depends on efforts of a single member of the team instead of being embedded in development and operations, leading to inconsistent or ineffective controls.

With fintechs increasingly attracting the attention of cybercriminals and others interested in the data they hold and process we better get better at securing it – or else.

Edgar ter Danielyan

Danielyan Consulting



Related posts

Databarracks Partners with Rubrik, Aiming to Modernise Data Protection in the UK

Manisha Patel

Jumio: 5 Trends Driving the Need to Establish Trust Online

Robert Prigge, Chief Executive Officer, Jumio

Two-Thirds Of UK Businesses Not Insured Against Information Security Breaches/Data Loss; NTT Security Reports

Manisha Patel