With an annual IT budget of more than R23-billion, Standard Bank Group’s IT estate is vast. It directly employs 5 500 people in group technology, nearly a thousand of which are dedicated to keeping the bank’s systems safe from malicious actors.
That’s according to Standard Bank Group CIO Jörg Fischer, who told TechCentral’s Meet the CIO podcast recently that security is a top-of-mind issue for Africa’s largest lender.
“If you look at cybersecurity, are we worried about it on a daily basis? Absolutely,” Fischer told Meet the CIO. “We spend north of R1-billion on cybersecurity. And even though we have quite a good in-house team, we also work quite a lot with partners.”
Standard Bank’s security strategy is built around the Microsoft security stack. Each of the group’s business units, including personal and private banking, business and commercial banking, corporate and investment banking, and insurance and asset management, have a dedicated chief information security officer (CISO), each of whom reports both into Fischer and the group’s risk and audit function.
Fischer said that although keeping its IT systems secured is an imperative for Standard Bank, there is an element of the unknown regarding cyberattacks that forces the company to focus on building contingency plans to minimise damage in the event that a breach does occur.
“I spend a lot of time with other CISOs internationally just to learn from their incidents because there is a lot of stakeholder management, regulatory management and so on. I ask those who have had breaches how they handled their particular situations,” said Fischer.
System stability
“If you had to ask me what keeps me awake at night, and it is a bit of a cliché, but it’s definitely cybersecurity because the thing is you just don’t know. There are most probably hundreds if not thousands of people on a daily basis trying to infiltrate your systems,” said Fischer.
When Fischer was appointed to the role of group CIO in 2022, one of his major tasks was to fix system outage issues that had plagued Standard Bank’s digital platforms in years prior. Fischer said most of these issues where due not to deficiencies in technology but rather linked to issues in integrating the over 2 500 applications used by the bank.
Read: Hey big spenders! How much SA banks invest in IT
“I tried to work on the people aspect and the culture. It was about giving the teams a comfort space to say we are actually one team, whether they work in this or that part of the bank, because we face the same issues.
“I found technology people often make innocent mistakes and then try and cover them up. So, it was about escalating fast and getting people to know what’s wrong by telling them about it [quickly],” said Fischer.
To solve the instability issues, he also brought more discipline to the day-to-day operations of IT employees. This included encouraging software engineers to take the administrative portion of their work, which many saw as drudge work, more seriously.
Fischer now runs weekly stability meetings where issues from the previous week are reviewed and lessons taken from them. He said changing the culture of these sessions from an accusatory one to a learning approach has been key to bolstering the bank’s systems over time.
Given the high number of third-party applications in Standard Bank’s ecosystem, keeping healthy relationships with vendors is important to Fischer, who regularly flies out to meet with heads of various international software vendors. – © 2024 NewsCentral Media
Don’t miss:
Meet the CIO | Standard Bank Group’s Jörg Fischer – mission-critical IT