According to Accenture’s latest Banking Consumer Study, which surveyed 49,000 respondents across 39 countries, 58% of banking customers express concerns about the security of their personal and financial data, especially when banks offer tailored products and services. A key factor fueling these concerns is the ability of banks to secure data within their third-party relationships and across the broader banking ecosystem. While 81% of customers believe their bank excels in areas such as data security, fraud protection, and privacy, trust wanes significantly when it comes to other banks, technology vendors, and various banking service providers within the supply chain. The study reveals that trust in these external parties plummets by more than half (Figure 1).
Consumers’ Trust in the banking system
This highlights a significant gap in consumer trust regarding banks’ critical third parties and the broader banking ecosystem. Furthermore, our Guardians of Trust Survey reveals that banks must enhance transparency around their data security practices. Currently, only 28% of customers believe their bank effectively communicates its cybersecurity efforts.
Security integration trails technology adoption.
Although banks have increased their cybersecurity investment by 140% over the past two years, their growing reliance on external vendors and open banking frameworks introduces new risks, leaving customers feeling inadequately protected.
Trust in banks is strong, but trust in the banking system is fragile.
The situation is further compounded by banks’ increasing reliance on a diverse range of third parties to accelerate innovation. As they race to adopt new strategies in both back-office operations and customer-facing services, banks often prioritize speed to market over collaborating with third parties to integrate robust cybersecurity measures. With the rise of AI adoption, ensuring security is woven throughout the entire lifecycle of AI-powered services has become even more critical. According to our Guardians of Trust Survey, 83% of 600 global banks report struggling to align security protocols with the rapid adoption of technologies like generative AI.
Adding to the challenge is the growing volume and complexity of cyber threats, particularly AI-driven attacks. Deepfakes targeting customers and employees have surged by 243% over the past year, now emerging as the most common threat faced by banks. With 85% of these attacks attributed to cyber criminals, the rising risks associated with generative AI are becoming an increasingly urgent concern.
The compliance mindset
Compounding the issue, many banks’ executive leadership treats cybersecurity as a compliance requirement rather than a strategic enabler critical to fostering customer trust. While banks are directly overseen by regulators, their third-party vendors face far less scrutiny. However, even though banks outsource services, they cannot outsource the risks associated with those services. This forces banks to continuously monitor and manage risks linked to activities outside their control and visibility, often leaving them unaware of the full extent of exposure. As a result, bank management frequently views cybersecurity as a necessary burden that drives up costs and hampers progress—despite the fact that strong security can enhance efficiency and build trust with customers.
These challenges hinder banks from delivering what matters most to their customers: transparency in how their data is protected and consistently secure, data-safe experiences across the entire supply chain. According to recent data, 74% of banking executives struggle to maintain digital trust amid rising fraud risks, and only 40% of customers fully trust their bank to be transparent.
What’s at stake?
A single data breach can swiftly undermine years of trust that banks have diligently built with their customers. Our research shows that 62% of customers lose confidence in their bank after a breach, and 43% choose to disengage entirely.
However, banks that proactively embrace their role as guardians of trust—making security a cornerstone of their strategy—illustrate how robust cybersecurity can drive both trust and growth. These leaders experienced 58% fewer data breaches over the past three years and achieved 1.5 times higher customer retention rates.
Yet, only a small subset—approximately 10% of the banks surveyed—implemented the 58 essential cybersecurity best practices identified by Accenture to build customer trust. Based on our research, we distilled three critical actions for banks to close the trust gap:
- Proactively Communicate Transparent Cybersecurity Practices: Banks must communicate openly with customers about their responsible cybersecurity practices, both within the bank and across the supply chain. Transparency should be integrated throughout the customer lifecycle. Demonstrating how data is protected at each touchpoint and offering ways for customers to strengthen their security—such as dynamic personal cyber risk scores—will empower customers to stay on top of their cyber hygiene. Additionally, educating customers about emerging threats like deepfakes is essential. Ensure data-handling processes and adherence to security governance, risk, and compliance standards are embedded from the start of each project.
- Embed Cybersecurity at the Core of Customer Experiences: Over half of banks report that customers expect secure, personalized services across all platforms. Yet only 12% of banks comfortably meet this demand without compromising security. In today’s fast-evolving tech landscape, it’s crucial to embed strong cybersecurity at the core of customer experiences, with shared accountability across teams and throughout the supply chain. Close collaboration with technology, business teams, and third parties is essential to prove that security not only protects but strengthens business practices, fostering customer acquisition and retention. Establish a secure digital core with robust cloud configurations, use new data sources for continuous third-party monitoring with proactive threat intelligence and risk scoring, and implement adaptive authentication.
- Empower the Entire Ecosystem to Combat Advanced Threats: From leadership to frontline employees, everyone in the ecosystem—including third parties and customers—must be empowered to detect and counter advanced threats like deepfakes. With 85% of deepfake attacks attributed to cyber criminals, proactive workforce empowerment is critical. Equipping employees with training and AI-driven threat detection tools will significantly reduce risks and improve overall security posture.
About the Guardians of Trust 2024 Survey
To inform this research, we conducted two surveys in October 2024: a consumer survey of over 1,400 banking consumers from 17 countries and a banking survey of 600 security executives from banks with assets exceeding US$50 billion across the same 17 countries.
The countries included in the surveys were Australia, Brazil, Canada, Germany, Spain, France, India, Italy, Japan, Mexico, Singapore, Saudi Arabia, South Africa, the Netherlands, UAE, the United Kingdom, and the United States.
The maze of cyber security solutions
Another challenge facing cybersecurity officers in banks is the overwhelming number of solutions available on the market. New tools and technologies promising protection against cyber threats emerge daily. However, determining which of these solutions are suitable and how they can be integrated with existing systems can be a daunting task.
Thorough evaluation and strategic planning are crucial. Solutions should not be acquired impulsively but instead selected based on the bank’s specific needs and their compatibility with current systems. Additionally, proper staff training on the effective use of these tools is essential for ensuring maximum protection.
Frequently Asked Question
What is the “Guardians of Trust” report, and why is it essential for the banking sector?
The Guardians of Trust report explores how banks can enhance cybersecurity practices to build and maintain customer trust. It provides insights into the evolving threats banks face and offers strategies for improving data protection, fraud prevention, and overall security governance.
How has the role of cybersecurity evolved in the banking industry?
Cybersecurity in banking has shifted from a reactive function to a proactive, strategic enabler. As digital banking and third-party services expand, robust cybersecurity practices are now essential to customer trust, regulatory compliance, and operational efficiency.
What are the most significant cybersecurity risks facing banks today?
The most significant cybersecurity risks include data breaches, ransomware attacks, third-party vulnerabilities, and emerging threats such as AI-powered deepfakes. These risks jeopardize customer data, bank operations, and overall trust in the financial system.
How do third-party vendors contribute to cybersecurity challenges in banking?
Third-party vendors can introduce security gaps if their cybersecurity practices are not closely monitored and aligned with the bank’s policies. As banks rely more on external vendors and open banking frameworks, these vulnerabilities increase the risk of data breaches and other cyberattacks.
What actions can banks take to strengthen customer trust in their cybersecurity practices?
Banks should proactively communicate their cybersecurity efforts, embed security throughout the customer lifecycle, and ensure transparency about data protection practices. Additionally, integrating robust security measures into all customer-facing products and services is essential.
How can banks balance innovation with cybersecurity concerns?
While adopting new technologies like AI and digital banking services, banks should ensure security is integrated from the outset. Collaborating closely with internal teams and third parties and using continuous threat monitoring and adaptive authentication helps balance innovation with robust cybersecurity.
What role does employee training play in enhancing cybersecurity?
Employee training is critical in empowering staff to recognize and respond to cyber threats. Regular training, especially around new threats like phishing and deepfakes, ensures that employees can contribute to maintaining a secure environment.
Conclusion
Mastering cybersecurity in the banking sector is no longer just a technical requirement; it is a strategic imperative for building and maintaining customer trust. As the financial landscape becomes more interconnected and technology-driven, banks must prioritize robust cybersecurity practices to safeguard customer data, prevent fraud, and mitigate the growing risks of cyberattacks. The Guardians of Trust report highlights the critical need for transparency, proactive communication, and the integration of security at every level of banking operations—from back-office systems to customer-facing services.