APAC Banks Say They Will Stop Doing Business with Suppliers that Fail Cybersecurity Audits

Abstract building detail
Radial circle

SINGAPORE — 9 May 2017


  • In a FICO survey, three in four senior fraud managers at banks in Asia Pacific said they will stop doing business with suppliers that fail cybersecurity audits
  • Four in ten respondents from the survey said they currently conduct supplier audits, however this is expected to rise in the next year.
  • Large retailers were nominated as the greatest data breach risk (84%) in 2017, with telecommunications companies ranking second (70%)
  • Half of respondents reported their cybersecurity budget increased at least 10 to 25 percent over the last twelve months

For more information: http://www.fico.com/en/products/fico-enterprise-security-scoring

Banks across the Asia Pacific region will stop doing business with suppliers that fail cybersecurity audits, according to a recent poll by FICO. Three in four senior fraud managers surveyed said that they would be concerned enough to stop working with a partner, while another 16 percent said they weren’t sure if they would continue working with them. Only 8 percent of fraud managers said they would definitely continue doing business. While the auditing of business partners and their security capabilities is a relatively new practise, four in ten respondents confirmed they were already actively engaged in the process.

“We expect cybersecurity audits to become commonplace in 2017,” said Dan McConaghy, president for FICO Asia-Pacific. “High profile fraud cases, such as the Bangladesh Bank heist where USD$81 million was stolen, illustrate the importance of banks running audits on their own networks as well as those of their partners. However, due to the complex ecosystem of relationships with other businesses that banks have we are seeing the audit tools evolve. While formal audits remain important, they can be lengthy, intrusive, and expensive. They also only offer a snapshot of the cybersecurity picture for a moment in time. We are seeing a need for monitoring tools that allow for ongoing assessment between these audits to strengthen the IT ecosystem and make a substantial impact on the cyber breach problem.”

In October 2016, FICO announced the launch of its FICO® Enterprise Security Score, a cybersecurity risk rating that subscribers can use to evaluate the risk of their own network and their business partners’.

“The score was created by analyzing networks that have been victimized by a cyber-attack,” explained McConaghy. “This allows FICO to understand the conditions and behaviors that are precursors to impactful security events. Company networks can then be measured against the indicators that are most predictive of an increase to the likelihood of a material data breach.”

FICO’s poll revealed that bankers nominated large retailers as the greatest data breach risk (84%) in 2017, with telecommunications companies ranking second (70%). These numbers were up significantly on last year’s poll, showing some consensus on which industries remain the largest targets for cybercriminals.

E-commerce has created low hanging fruit in the form of vast stores of unprotected sensitive personal data that can be used to steal identities,” explained McConaghy. “In Asia Pacific the problem is compounded by the huge growth in sales, poorly protected companies and a lack of disclosure.”

Respondents to the survey were anxious to prevent cybercrime at their banking institutions, with 65 percent saying that it will be their key focus in 2017. The biggest obstacle identified by the fraud executives in fighting cybercrime was that siloed operations prevented the flow of information and worked against a coordinated response. Nearly half of respondents identified cybercrime as having the largest potential financial impact on their organisations, and said they had already increased their cybersecurity budget at least 10 to 25 percent over the last 12 months.

“APAC banks want to ensure that the digital economy will continue to thrive,” said McConaghy. “FICO is bringing its proven self-learning analytics from payment card security over to protect the enterprise from unknown breaches in real time. In addition to protecting themselves, we’ll see more banks initiate cybersecurity audits, and as they become more selective avoiding to do business with vendors and suppliers that return ‘fail scores’ on cybersecurity.”

The survey was conducted at the annual FICO Asia Pacific Fraud Forum held in Cebu, the Philippines. A total of 37 executives from financial institutions across the region participated in the survey. 

About FICO
FICO (NYSE: FICO) powers decisions that help people and businesses around the world prosper. Founded in 1956 and based in Silicon Valley, the company is a pioneer in the use of predictive analytics and data science to improve operational decisions. FICO holds more than 170 US and foreign patents on technologies that increase profitability, customer satisfaction and growth for businesses in financial services, telecommunications, health care, retail and many other industries. Using FICO solutions, businesses in more than 100 countries do everything from protecting 2.6 billion payment cards from fraud, to helping people get credit, to ensuring that millions of airplanes and rental cars are in the right place at the right time.

Learn more at http://www.fico.com

Join the conversation on Twitter at @FICOnews_APAC

FICO is a registered trademark of Fair Isaac Corporation in the U.S. and other countries. 

Neil Mirano
Rice Communications for FICO
+65 3157 5680
Saxon Shirley
+65 9171 0965

Media contacts


Greg Jawski

Europe, Middle East & Africa

Darcy Sullivan

+44 (0) 209-940-8719

Asia Pacific

Saxon Shirley

+65 6422-7795

Latin America

Marisa Arribas

+1 786 482 7231

América Latina

Milla Delfino

+55 11 97673-6583

Take the next step

Connect with FICO for answers to all your product and solution questions. We look forward to hearing from you.