Like the rest of the industry, the pandemic has radically changed our daily operations, and it is really important we acknowledge the high cost of the crisis to many individuals and the wider society. From a customer perspective, there is less cash being spent, fewer branch visits, and much more online activity, as well as a big uptick in requirements for payment holidays, loan holidays, and requests for government schemes. We have as many colleagues as possible working from home, but we also have a proportion of staff who cannot work from home. With many of our colleagues self-isolating, this has meant that some colleagues who are able to staff the branches and call centers have had to learn new skills very quickly to be able to keep serving customers’ evolving needs. In cybersecurity, we have learned to stand up processes to assess new risks (like wide scale remote working) and implement new controls to mitigate them in a remarkably short span of time. We do not see this situation resolving itself in the short term, at least until there is a widely available vaccine or other scientific breakthrough. We must continue to cross-skill our employees into new areas to be more agile and adaptable to the changing landscape.
Luckily, we are well-positioned to do just that. As our CEO António Horta-Osório articulated in his speech at the Sibos conference last fall, our current strategic plan is squarely focused on investing in our talent to arm them for the future. Lloyds is a 325 year-old institution, but over recent years we have begun to invest more and more in the technologies we will need to thrive in a digital world. We are now the UK’s largest digital bank, with 13.4 million digital banking customers. As António says, “At Lloyds we believe machines should do the ordinary, to enable people to do the extraordinary.”
While we are still very much on this transformation journey, having this mindset already established within the firm set us up for a quick response to the COVID-19 crisis where we’d already started to increase digitization and underscored the need for it on some of our legacy systems. For example, we’d already begun to introduce automation and robotics in our identity and access management systems over the last 18 months which has helped us tremendously during this time, and now we’re going to apply those learnings to other areas of cybersecurity.
There is no doubt that COVID-19 served as an accelerator to our digital transformation. We are now reflecting on the learnings we can take away from this time and consider what we might do differently and what the new normal may look like, so that we can be even better prepared for the next challenge and increase our operational resilience. For example, if we had implemented some of the programmes we have already designed and developed such as our strategic authentication programme, we may have been able to realise some of the benefits sooner.
What is certain is that the future will bring even more upskilling and cross-skilling of our colleagues, in many different areas. For example, in the past, typically branch staff would be highly specialised as customer service reps, tellers, general advisors, and mortgage and small business advisors. In the future, we see more people performing multiple functions, even taking calls from customers outside of the branch so we can best utilise their general banking knowledge.
Cybersecurity is also a key area where we are looking to build capability across the firm. Key areas of focus for us include:
The rapid changes to products, services, and operations brought about by COVID-19 have reaffirmed for us that our strategy of investing in our people is the right one. Because the mindset of growing the skills of our in-house talent was already established, we were able to upskill and cross-skill our colleagues to serve our customers more quickly during the pandemic. Cybersecurity is a priority area of skills investment for the firm. Going forward, key areas of capability-building in cybersecurity include cloud, security operations, and third-party assurance.
© 2021 FS-ISAC, Inc. All rights reserved.
Sharon was appointed Chief Security Officer for Lloyds Banking Group in September 2017, and heads up the Group’s Chief Security Office division who are responsible for cyber, physical and information security activities....Read More
More recently Sharon has also been leading operational resilience strategy and implementation for the Group, working closely with regulators and government. She is also leading the Group’s incident response to the Covid-19 crisis. Sharon sees her team’s role as a key enabler for the Group strategy, ensuring the transformation and digitisation of the Group creates a secure and resilient bank for our customers, and which will ultimately help Britain prosper. Sharon has held senior roles across the Group in IT, Security, Risk and Major Programme Delivery.