The banking sector's cybersecurity measures hardly saw any reinforcements despite being struck by one of the biggest cyber heists in history two years ago, displaying the stakeholders' casual attitude towards the rapidly emerging threat.
As many as 68 percent of the banks do not have any IT governance framework, while 78 percent do not have a data leakage prevention system, found a survey conducted by the Bangladesh Institute of Bank Management.
Eight percent of the banks have still not initiated the implementation of IT governance, while 60 percent have but they do not have a definitive completion date.
A lack of understanding on IT governance among the top managers and directors is responsible for the poor implementation record of IT security, said the paper titled 'IT Operations of Banks'.
Shihab Uddin Khan, associate professor of the BIBM, presented the paper at a workshop at the BIBM auditorium. Abu Hena Mohd Razee Hassan, deputy governor of the Bangladesh Bank, was present.
Banks should give proper attention to the matter, it said.
The survey found that 60 percent of the banks had updated their cybersecurity policy in 2017, in contrast to 73 percent in 2016.
However, training for cybersecurity awareness increased as banks realised that IT training is vital for their survival.
Last year, banks trained 97 percent of the employees, up from 84 percent the previous year, according to the survey.
IT investment last year increased 13.49 percent to Tk 2,035 crore.
Of the sum, 36.5 percent went towards procuring hardware.
Higher IT investment will reduce the cost of business, said Abul Kashem Md Shirin, managing director of Dutch-Bangla Bank, while citing his bank as an example.
Dutch-Bangla's cost of fund has been the lowest among banks as it maintains low-cost deposit accounts.
People are more interested in keeping money in savings and current accounts, which cost banks less because of IT facilities, Shirin added.
Banks are still reluctant to spend more for training purposes, said Helal Ahmed Chowdhury, former managing director of Pubali Bank, while sharing his managerial experience.
The banking sector lacks in-house IT audit.
“Banks still float international tenders for IT auditing,” said Chowdhury, also a supernumerary professor of the BIBM.