The year 2022 witnessed a surge in data breaches, leaving individuals and organisations reeling from the damage inflicted by cybercriminals. According to IBM’s “Cost of a Data Breach 2022” report, the average cost of a data breach reached $4.35m in 2022, marking a 2.6% from the previous year, when it amounted to $4.25m.

Over three quarters (83%) of organisations – not just banks – reported more than one data breach in 2022, while 60% said breaches led to increases in prices passed onto customers.

For that reason, GlobalData forecasts the global cybersecurity market will be worth $334bn by 2030, growing at a CAGR of 10% between 2022 and 2030. Software-based cybersecurity products will be the largest market segment, accounting for 44% of total revenue in 2030, with services contributing 39%.

Shoring up defences against data breaches can be challenging when current tech stacks cannot do the job, says Saswata Basu, CEO & founder of Züs.

His company uses private sharing technology to ensure complete privacy and security by dividing files into fragments, which are encrypted and then distributed among multiple storage providers.

Q: What are common vulnerabilities in the banking sector, and how do cybercriminals exploit that from your knowledge?

There are a couple of ways to exploit the sector. First, the user data is not encrypted, so certain individuals can see the data. People working for a bank, let’s say, could see the data because it’s not encrypted, and the user does not own it.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Retail Banker International.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Breaches often occur due to human error. For example, suppose someone falls for a phishing email and clicks on a link. In that case, they may inadvertently download a code that can extract information from their computer or allow unauthorised access.

The other option is an employee accessing an account with a vulnerable ID or password.

Q: How do you assess the impact of data breaches on banks and other financial institutions?

Lawsuits, especially civil lawsuits, could result in financial consequences. However, the greater harm is the damage to the bank’s reputation due to the data breach. This can lead to a loss of trust among customers, causing them to switch to other banks.

Generally, it’s not good for the long-term brand image if there’s a breach and you’re the trusted bank locally or nationally.

When it comes to technology, banks usually respond promptly to address any breaches. However, they are currently unable to do so with their existing technology. They may need to adopt new technology since the traditional data storage architecture is in one place and offers no encryption. And even where server site encryption exists, it can be compromised.

Q: You’ve mentioned lack of encryption as one of the reasons behind data breaches. What can banks do more specifically to combat data breaches and protect customers?

I mean, there isn’t a good solution out there. Which is something that we are working on. Once we have the solution, then banks and other financial institutions can use it.

It essentially consists of giving control of the data to the user. The user owns the data, so even if the breach happens at the server location, the data is not out there in the open and can only happen to one person. Therefore, fraudsters can only hack one victim, but the data breach cannot affect others.

Ownership and data encryption – the user should encrypt and privately share the data with the bank. Let’s say I am a bank customer – I would encrypt my data and then share it with the bank so that they can use it for their processing purpose or KYC or what have you.

That is the model we envisage – the new model that we are doing. If you look at our Vult app, which is a data storage app (similar to Dropbox or Google Drive or One Drive), it gives the user ownership and control of data, and the user then decides whether to encrypt or not. If they encrypt it, they can share the data, whether it’s with the bank or anyone else. That way, you are preventing the hacker from breaching the central database of a bank, and if they do that, they only see encrypted data.

We also fragment the data. One thing is to fragment the data into pieces so that even if you hack one server, you cannot get all of the data, and that’s how you do it – we do not replicate or make copies.

Data erasure is a technology different from replication, where you copy the data. Copies are vulnerable because you identify the weakest link and try to get that copy from a data breach.

Q: And you’re the founder and CEO of Zus and have been working in the field of data privacy for a long time. How receptive are companies at the moment to your solution?

I think they would definitely want to have a privacy solution – if you look at, let’s say, Apple, that’s what their brand is. But how do you get to that level? It’s not easy to have that structure built into the organisation, and it’s difficult to do that. You need to have discipline because you’re protecting a centralised server that can be easily hacked.

If you replicate data – which most companies do – you must also protect them in those places. It’s difficult, and there are no solutions today.

Once we have the solution, we will see whether they are willing to adopt it. Because of our technology, we make it simple to people to adopt them without having too many structures in place.

Q: When thinking about the crypto world, many crypto platforms have become the subject of massive heists lately, with hundreds of millions of dollars stolen in crypto coins. Do losses and recovery differ in the crypto world? Can the crypto world adopt solutions that banks and other institutions should consider?

There are two types of protections. One is for protecting coins – that is your assets. Then you have protection for data assets. You can encrypt data assets if you want or stripe the data across servers so that only a piece of data can be hacked. It’s hard to hack all pieces of data because you have to reach all servers. Let’s say I have the data in 15 servers – you cannot hack all fifteen; you can hack only one or the weakest one.

And in terms of currencies, we use split-key technology, which is a serverless technology. It splits the private key into two parts, and you keep one part on your phone and the other on your laptop. The transaction can only go through if the two keys are combined to form the original key.

So if a hacker were to hack your phone and get the private key of that phone, it wouldn’t work. That’s something we do without using ledger or hardware key like ledger. Those are the measures of protection we employ in the crypto world.

So that’s something we are awaiting and hopefully can become the standard in the future. We talked to several companies, and they are excited to have that kind of technology instead of hardware technology.

Q: What do you think it’s needed to face future challenges? 

The way to protect against data breaches is complete data ownership.

The way our tech works is we generate the user who owns the data encrypts the data, and then generates a proxy key for the recipient of the data. So if you’re the bank and your public key is well known, then you basically can send that information to the bank by using the public key and not trust anyone with that public information.

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up