Basil Jarrett | Banks can’t go it alone: How transparency fights cybercrime
TWO KEY events last week should have highlighted to even the most uninitiated that cyber has, and will continue to impact our lives in previously unimaginable ways. The first was last Wednesday’s public lecture on Jamaica’s critical cybersecurity framework, hosted jointly by the Major Organised Crime and Anti-Corruption Agency (MOCA) and the Mona School of Business and Management, focusing on the basic principle that a safe digital economy demands a strong, strategic partnership between law enforcement, academia, and the private sector. The other occurred, interestingly enough, the same Wednesday, when National Commercial Bank (NCB) announced that a glitch in its online payment systems resulted in Uber riders not being billed for using the ride-sharing platform, and the bank, after discovering the problem, had recouped the outstanding fees from customers in one fell swoop.
Of course, affected NCB customers took to social media to air their displeasure, with some going as far as to admit wrongdoing, yet blaming the bank for being heartless in going after the money all at once. The irony here is glaring, but that’s another topic for another time.
THE SILENCE EPIDEMIC
What I’m more interested in is a small but critical point made by Trevor Forrest of the National AI Task Force, that banks and businesses are shying away from reporting incidents of cybercrime and cyberattacks, out of fear that it will harm their image and, by extension, their profitability.
As we’ve seen, the threat of cybercrime now looms larger than ever as digital transactions have become as common as cash withdrawals. The dark side of this convenience is that highly skilled cybercriminals have organised themselves to take advantage of this trend, with devastating effectiveness. But if, as Forrest pointed out, businesses, especially banks – who are often the first to feel the sting of these attacks – are in fact hesitant to disclose incidents of cybercrime, then it is quite understandable.
From reputation management to fears of lost trust and potential legal ramifications under data protection laws, some banks may have decided to stay mum and prefer to address the matter quietly and internally. The problem, though, is that such secrecy might be one of the greatest barriers preventing law enforcement from effectively tackling these cybercrimes, as knowledge sharing, transparency and cooperation are essential for a united front.
For Jamaica to effectively combat the growing problem of cybercrime, our banks and businesses must be more willing to disclose cyber incidents in order to contribute to a national effort to outsmart and outmanoeuvre cybercriminals.
THE FEAR FACTORS: REPUTATION AND REVENUE
You see, banks, by nature, thrive on trust. Customers want to know their money and data are secure, and so for banks, a cyberattack isn’t just a technical breach; it’s a direct threat to their reputation. One widely publicised data breach can quickly translate to plummeting share prices, loss of client trust, and a devastating impact on the bottom line.
But if banks and businesses shy away from reporting incidents for fear that it will harm their image and, by extension, their profitability, they would potentially be denying law-enforcement cyber sleuths the key ability to access valuable data on how these crimes are perpetrated, what vulnerabilities are being exploited, and what is the profile of the victims and the perpetrators. This secrecy is exactly what cybercriminals count on. By concealing breaches, banks may unintentionally contribute to a culture of silence that benefits the very criminals they’re trying to protect against.
If cyber incidents go unreported, law-enforcement agencies like MOCA lack the data, insights, and awareness they need to identify patterns, track down perpetrators, and build robust defences for future attacks. In other words, keeping quiet might save a bank’s reputation in the short term, but it compromises long-term security for everyone.
CYBERCRIME: A US$6-TRILLION INDUSTRY
To understand the urgency of reporting, consider the staggering scale of cybercrime today. Globally, cybercrime costs an estimated US$6 trillion annually. These aren’t isolated incidents of rogue hackers; we’re dealing with a vast, organised industry, luring criminals from all walks of life with the promise of easy money. Who wouldn’t want a piece of that pie?
Cybercriminals, moreover, are constantly evolving in their techniques, tactics and technologies. From ransomware that holds entire systems hostage to phishing attacks that fool even the most cautious employees, their methods are diverse and ever-changing. For every new cybersecurity solution, there’s a new breed of malware waiting to crack it open. Law enforcement therefore needs comprehensive, real-time information to stay ahead of these threats. When banks choose not to disclose cyber incidents, they effectively take valuable intelligence off the table, allowing criminals to stay several steps ahead of us.
TRANSPARENCY: A POWERFUL DETERRENT
So, here’s a controversial idea: perhaps disclosing cyber incidents can actually work to a bank’s advantage. In an age where information leaks, whistle-blowers and disgruntled Uber riders can easily expose secrets, transparency might be the best defence. Rather than waiting for word of an attack to slip out, perhaps banks could be proactive, detailing how they handled the breach, how it was mitigated, and what customers should know. This communications strategy sends a powerful message to both customers and criminals, and builds trust among customers by showing that the bank is committed to accountability, transparency, and their safety, even in difficult circumstances. In fact, many clients would appreciate a bank that takes ownership of an issue rather than trying to sweep it under the rug.
THE PATH FORWARD: BUILDING A CULTURE OF TRANSPARENCY
The more banks and businesses disclose about cyber incidents, the better prepared we all are to defend against future attacks, and as we’ve seen, when law enforcement, business, and academia work side by side, it becomes easier to develop strategies based on real incidents rather than hypothetical threats.
Cybercrime is not going anywhere. And hoping it doesn’t happen to you or your clients isn’t quite the soundest strategy. Of course, staying silent is a tempting option. But we must look beyond reputation management and start to embrace a greater role for each of us in this national fight.
Major Basil Jarrett is a communications strategist and CEO of Artemis Consulting, a communications consulting firm specialising in crisis communications and reputation management. Visit him at www.thecrisismajor.com. Send feedback to columns@gleanerjm.com.