The country's 28 percent banks have no preparation to handle a large-scale cyber attack, posing a huge security concern for the banking industry, a survey of Bangladesh Institute of Bank Management (BIBM) finds.

While 38 percent are fully ready, 34 percent are partially prepared, according to the survey titled “IT security of banks in Bangladesh: threats and preparedness”. 

BIBM's Associate Professor Mahbubur Rahman Alam presented the research paper—under which the survey was conducted—at a seminar at the BIBM auditorium in the capital.

Cyber system vendors were found to be major entities to commit a cyber crime as 27 percent of them were found to have breached safety arrangements.

Most banks relied on foreign sources to get their software, increasing chances of the information falling into the hands of hackers, said Yasin Ali, supernumerary professor of the BIBM.

Bank officials will have to be well trained before adopting cyber systems provided by vendors to avert security risks, he said. Most of the fraud activities were completed with the help of electronic delivery channels, such as mobile banking, ATMs and plastic card transactions.

Around 40 percent of the cyber crimes are found to be committed by the bankers and IT professionals.

Poor security and lack of monitoring aided the fraudsters while lack of awareness among employees is one of the major causes of cyber security risk.

When it came to IT security awareness among bank employees, some 18 percent were found to be “poor”, 12 percent “very poor” and some 29 percent “moderate”.

High-ups of banks were also found reluctant to spend money for IT security training.

Around Tk 2,035 crore was invested for IT systems in 2017, a majority of it was spent for procuring hardware and software while only 3 percent was spent for training.

Board members of banks are now showing more interest to spend money for developing knowledge on IT, said Helal Ahmed Chowdhury, another supernumerary professor of the BIBM.

He said bank employees have to be trained on fraudulence techniques to avert cyber crime risks.

All the investment will turn worthless if IT employees are not well trained, said Debdulal Roy, general manager of Bangladesh Bank.

Abu Hena Mohd Razee Hassan, former deputy governor of Bangladesh Bank, attended the seminar as the chief guest while Toufic Ahmad Choudhury, director general of BIBM, chaired the session.