Banks are increasingly relying on outsourcing for cloud computing, which may become a potential vulnerability if adequate precautions are not in place.
The BOK (Bank of Korea) has revealed in its annual financial IT development survey report that total spending by 19 Korean banks reached KRW 259 billion (USD 218 million) for 2018, which was up 5 percent from the previous year.
The spending represents around 1 percent of total operating expenses, or 10 percent of total IT spending.
“The banks’ increased investment in cybersecurity to strengthen preparedness and decrease cyber risk is credit positive for the banks and system stability,” Moody’s Investor Service said.
The rating agency noted that improvements in banks’ IT capabilities are partly the result of FSS (Financial Supervisory Service) guidance, which require them to maintain an IT workforce at 5 percent of total employees, and to allocate more than 7 percent of their IT budgets to data protection.
The BOK survey also revealed that in 2018, the total IT spending of the 19 banks was KRW 2.6 trillion, up 10 percent from 2017, with the number of IT personnel rising 3.6 percent. IT professionals specialised in data protection rose by 2.3 percent.
However, Moody’s says a gradual increase in banks’ reliance on outsourcing may become a potential vulnerability if adequate precautions are not in place, such as database encryption.
“Banks’ reliance on external vendors for IT will continue to rise because of the increase in cloud computing usage,” Moody’s said. “Strength of a bank’s cyber risk defences and prevention of customer information breaches may be limited to the weakest link of the banks’ suppliers.”