Latin America’s banks should prioritize the use of innovative technology to secure themselves against cyber risks, the Organization of American States has said. That includes big data, machine learning and cognitive computing, the OAS said in a report on cybersecurity in banks in Latin America and the Caribbean, released last week.

Roughly half of Latin American banks are already making use of emerging technology to boost cyber defenses, according to a survey of 187 institutions. Three-quarters of the biggest banks are putting such tools to work.

Some 29% of the region’s banks mine big data and 24% make use of machine learning tools in their digital security controls. Small numbers are also making use of cognitive computing, internet of things technology and blockchain for cybersecurity, according to the OAS’ study.

Such tools have “important potential” in detecting and preventing risks, the organization said.

Frequent attacks

The push towards more sophisticated technology to combat cyberrisks came as part of a broad survey on cyber preparedness at Latin American banks. Nearly all banks that participated in the survey – 92% – had identified a digital attack, successful or not, against their institution.

“Every day a greater number of clients of the financial sector are users of electronic banking, they carry out transactions by Internet or payments through mobile devices,” said Luis Almagro, secretary general of the OAS (pictured). “This adaptation of the business models and the exploitation of digital channels aim to make the most of the advantages of technologies, the flip side of which is the appearance of new risks that must be prevented in order to mitigate possible attacks and fraud situations to which the sector is currently exposed and, of course, its users.”

Despite the prevalence of attacks, the survey also found that banks, in general, are spending lightly on cybersecurity: 61% of the region’s banks spent less than 1% of revenue (ebitda) on information security, cybersecurity and fraud prevention. A third spent between 1% and 5% of ebitda, while 5% of respondents said they spent more than that. Bigger banks allocated larger proportions of ebitda to cyber resilience.

On average, banks each spent close to USD 2 million in 2017 responding to and recovering from digital attacks, although the figure varied a lot by institution.

Read also: Banks bulk up cybersecurity as sophisticated threats reach LatAm

Cybersecurity investment needed

Of those surveyed, 60% said that convincing senior executives on the merits of greater investment in cybersecurity was “moderately complex”, the report said. The OAS urged senior executives to rethink their approach.

Banks should establish “as precisely as possible” the return on investments in cybersecurity, by calculating the cost of digital security incidents, the OAS urged. (The organization calculates that the RoI is, on average, around 24%, based on the survey data).

Additionally, executives should “communicate strategically to senior management and government bodies that the resources allocated to digital security are not a cost, but really an investment and that protection against digital incidents should be an integral part of the business strategy,” the OAS said.