How to minimise your risk in digital transformation

Digital is becoming central – not just to marketing, but to businesses’ operations and delivery.

Digital transformation can be a huge opportunity, increasing your relevance to consumers and your competitiveness. Traditional firms are realising that you don’t have to be a start-up to be a disruptor, and are embracing new technologies alongside their newer competitors.

But a digitally-enabled approach brings with it risk – not least the threat of regulatory breaches.

Here we explore how you can exploit digital transformation in banking without succumbing to the pitfalls.

Transformation is unavoidable

Firms that want to compete need to embed a digital approach – whether in terms of marketing and communications, back-office operations, or both.

A recent report from Deloitte identifies four key drivers of this transformation:

  • The exponentially growing use of smart devices
  • Changing customer expectations and demographics – we’ve looked before at the way customers are driving digital disruption
  • Increased penetration of internet access, and faster access
  • Technological innovations and a desire to harness advanced technologies

Keeping pace with this change is essential. Even though this may seem more complex if you work in a regulated sector, there are ways that regulated firms can adapt for the digital age.

Defining digital transformation

As the Deloitte report points out, the term means different things depending on your role in the organisation and your objectives.

  • From a strategic – board-level or company-wide – point of view, it means establishing a digital vision and strategy.
  • From an operational perspective, it’s all about identifying those involved in delivering services and the tools needed to do so.
  • And from a programme management angle, it’s focused on timely and cost-effective implementation.

For each of these groups and objectives, digital transformation brings different risks.

  • Strategically, risks relate to creating the right selection process; setting priorities; and ensuring that disruption to service is minimised.
  • Implementation risk involves putting in place a risk-based approach to technology, operations, vendors and issues around security and robustness. Marketing activity will often fall under this umbrella – defining approaches to digital marketing platforms like social media, for example.
  • Programme management risk majors on implementing processes to ensure that any interdependencies or related business areas are captured in digital projects. It means creating a risk management framework for the business that can be used for future initiatives.

Beyond traditional risks

The move to digital brings with it threats that extend beyond areas that Marketing teams might typically consider.

Cybersecurity is one, with reviews of your current approach and security robustness an essential first step.

This will ring bells, as it was only last month that the GDPR came into effect, forcing marketers to revisit their approaches to data security and processing. With its focus on compliant consent and transparent data handling, the regulation puts cybersecurity under the spotlight.

Digital ‘resiliency’ is also singled out – as technology becomes more embedded and relied upon, it becomes increasingly vital that systems and solutions are dependable.

Identifying and mitigating digital risks

The report identifies 10 specific areas of digital risk:


Encompassing the potential for losses due to technology failures or obsolete technologies. It means ensuring your chosen technologies are scalable, in case you want to expand their use, ensuring they’re compatible with existing systems and that they work in the way they should.


Firms need to protect their digital assets from unauthorised access/usage. Confidentiality needs to be assured – as above, this is particularly salient in light of the strict GDPR requirements. 


These might include external forces that require a change in the organisation’s direction – changes in the regulatory landscape or competitive environment, for instance. This may impact its investment in new technologies, and can also affect brand value and reputation.


Threats here might include any event that prevents or limits an organisation’s ability to deliver on its objectives. Key areas relate to data classification, data retention, data processing and data encryption.

If your marketing relies on a central CRM system, for example, and it goes down, can you continue to deliver marketing campaigns that provide GDPR-compliant and FCA-compliant audit trails? 


Marketing is typically a big user of outsourced providers. Whether creative agencies, marketing-related systems providers or other third parties, you need a tight handle on any outsourced providers you use. 

The FCA has strict rules around approaches to outsourcing. Any vendors and your processes for engaging with them must meet FCA standards.


Privacy risk comprises any liabilities arising from inappropriate handling of personal and sensitive personal data of customers/employees. Again, the strict data processing rules brought in by the GDPR will be a key consideration here.


This covers the digital environment’s ability ‘to enable investigation in the event of a fraud or security breach, including capturing of data evidences which is presentable in the court of law’. Whatever technologies you employ, they need to create an audit trail that’s acceptable to the FCA. This is also highly applicable under GDPR, where data breaches need to be reported promptly to the ICO.


Digital technology brings regulatory as well as practical risks. You need to ensure your approach complies with legislation specific to the technology and to your sector. Often, this holds back a firm’s innovative aspirations – it’s been suggested that professional services marketers aren’t making the most of digital. If your firm falls into this camp, our blog on How to innovate in a compliant way has lots of advice on how to up your game.


Increased dependence on technology means an increased threat of business interruption should it fail. Organisations need to consider areas like business continuity, IT/Network disaster recovery, cyber resiliency, and crisis management.

The Deloitte report – which you can read here – has more detail on these risks, and advice on how they can be mitigated.

The march towards digitalisation is just one of the ongoing changes to the Marketing Manager’s landscape. With new rules, guidance and innovations, your working environment is constantly evolving; keeping up can be a challenge.

To read more on your ever-changing challenges and identify strategies to tackle them, you can download our whitepaper, The changing role of the financial services Marketing Manager. It’s free and you can get a copy here.

Nothing in this document should be treated as an authoritative statement of the law. Action should not be taken as a result of this document alone. We make no warranty and accept no responsibility for consequences arising from relying on this document.
