'There will be accidents ... in the cloud,' ECB warns

A senior official at the European Central Bank warned that banks embracing external data storage and other digital technology need to face an uncomfortable truth: there’s a good chance they’ll get hacked.

“There will be accidents, especially in the cloud,” Korbinian Ibel, a director general at the ECB’s supervisory arm, said in an interview. “It’s not that clouds are more vulnerable, they’re actually often better protected than in-house systems, but they’re seen as juicy targets.”

So far, Europe has been spared the kind of hack that hit Capital One Financial, which said last month that data from about 100 million people in the U.S. was illegally accessed. That may change as the region’s banks face increasing pressure to reduce costs with new technology and make up for the squeeze on revenue from lower interest rates.

European banks already use some services of companies like Microsoft and Amazon. Germany’s Deutsche Bank AG eventually wants to move the majority of its applications to the cloud — giant external data centers — from what it has called “expensive and inflexible physical servers.” For now, European banks tend to avoid putting “highly confidential data” on public clouds, said Ibel.

"You need a common understanding at board level of the needs and risks of IT.”

“We see the benefits” of cloud computing, Ibel said. “The rule is that the banker is always responsible for their data and services.”

Failings can have consequences. The ECB can tell riskier lenders to hold more capital, squeezing their returns, or order potentially costly qualitative measures such as improving how users access computer systems.

Banks have responded to the digital revolution by hiring tech experts, sometimes even naming them to their top management bodies. That’s good, but it doesn’t go far enough, said Ibel.

“It’s not enough to have one person as the IT expert,” he said. “You need a common understanding at board level of the needs and risks of IT.”

Bloomberg News
Data breaches Cyber security Corporate governance
MORE FROM AMERICAN BANKER