Skip to main content

The onset of digital age has given rise to a new breed of banks called challenger banks, also known as Virtual Banks (VB) or NeobanksThey are mobile-first businesses that offer the same services as a traditional bank without the need for a customer to visit a physical branch. Convenience is at the core of these banks who are using this narrative to lure in customers. That said, a challenger bank’s IT infrastructure is missioncritical to its survival since shifting to manual processes is not an option in the absence of a physical location. With an increasing number of cyber-attacks, maintaining a constant uptime has never been more difficult.  

Here are a few areas where challenger banks should focus their cybersecurity efforts to prevent financial losses and customer dissatisfaction. 

An average enterprise uses 1,295 cloud services 

In the absence of legacy systems, challenger banks are adopting a cloud-native approach to accelerate their development lifecycle and for storing large quantities of data. This is both cost-efficient and reduces time-to-market for new feature rollout. Following an asset-light approach, banks outsource their cloud architectures to hybrid or public Cloud Service Providers (CSP).  

The scalability and convenience of using a third-party cloud service provider is not free from risks. At times when the CSP’s plug-and-play products are not adequately tested and adapted to the company’s security policies, they are left with vulnerabilities that are unknown to both the CSP and the bank, which can expose a challenger bank’s IT systems to bad actors such as hackers. To mitigate this risk, banks are aligning their cloud environments with cybersecurity frameworks and performing recurrent security assessments. 

Customer resentment caused by infrastructure outage hits hard 

A digital bank is only as strong as its IT infrastructure. Any downtime can cause resentment among customers who may start exploring alternatives thanks to low switching costs and strong marketing campaigns by other contenders. Therefore, challenger banks aim to select the most trusted cloud service providers for their business. As per Zdnet, all top cloud serviced providers are global players. While using a CSP with a global footprint, challenger banks must ensure compliance with cross-border data transfer laws (GDPR, PDPO) which apply to their jurisdiction. Digital banks must obtain independent regulatory approval during the design phase to assess the data flow across the organization. 

More integrations, better product, higher security challenges 

With the cloud service provider selected and data flow mapped out, the next concern is to control the access of data within the organization. To make its offering competitive, a digital bank aims to embed eKYC providers, digital wallets, and other merchants.  A 2021 report by Gartner highlighted that 71% of organizations saw a significant increase in third party vendors in the past three years. Handling so much data and its access can be a daunting task for banks who should adopt identity and privileged access management best practices customized to their needs. 

There are many more considerations that cybersecurity heads at challenger banks can lose sleepover, and the ones highlighted here serve as a starting point to a more comprehensive cyber strategy. Different banks may face different risks, but one thing is for sure: as bad actors get creative with their tactics, digital-native banks should treat cybersecurity as a continuous function embedded within a culture that strives for constant improvement. 

For more information and inquiries about cybersecurity insights, contact us at 




Leave a Reply