Allied Irish Banks
Developing a strategic cyber security partnership to drive growth
Tags
Allied Irish Banks (AIB), one of Ireland’s major retail banks serving personal, business and corporate customers, offers a growing range of innovative, digital services for customers. To keep these services secure and future-proof the bank for growth, AIB needs to continually strengthen its cyber security stance. There was an opportunity, in change of contract, for the bank to take a new and innovative approach through the appointment of a strategic partner.
Working jointly as one team with AIB, we defined required capabilities for developing a world-class, next-generation Security Operations Centre (SOC). The SOC is built around systems that are secure by design, processes that encourage compliance and people with a cyber-savvy mindset. AIB are now well positioned to appoint a new supplier that will enable them to meet the cyber security challenges of today and transform their cyber security capabilities for the future.
Key successes
- Enabled AIB to choose the right strategic partner to develop future cyber security capabilities over the next five to seven years
- Designed an innovative procurement process to enable AIB to test the cultural fit of bidders as strategic partners
- Brought cyber security best practices from across sectors to define the vision for a next-generation SOC
- Successfully delivered 16 supplier selection workshops, pivoting rapidly to develop a virtual solution in the face of COVID restrictions
Seizing the opportunity
Online and mobile banking services make managing our money more convenient. But as we take advantage of digital services, we also create new opportunities for cyber criminals to steal our data and our cash. Today’s digital-leading banks, like AIB, which have a strong customer service ethos and ambitious plans to continue to grow their digital capabilities, need to work ever-harder to keep services secure.
With the contract with its existing SOC provider coming to an end, AIB needed to appoint a new supplier to stay ahead of the evolving risks and future-proof the organisation for growth. We saw an opportunity for the bank to take a new innovative approach through the appointment of a strategic partner. The partner would not only run the SOC but help develop the bank’s own cyber security capabilities.
We worked with AIB to design a supplier selection process that would enable the bank to get this important decision right and identify a partner that shares the bank’s values and culture. We brought a mix of expertise to the challenge: leading skills in digital trust and cyber security, procurement expertise and banking sector insights.
Throughout the engagement, we role-modelled the collaborative approach AIB was looking for. This gave the bank first-hand experience of what it feels like to be part of a successful partnership arrangement.
Framing the vision
Our work began with a strategy refresh. AIB was already a relatively cyber mature organisation and wanted to move to the next level. Through paper-based research, interviews and workshops to tease out tacit information, we built on the maturity assessment of the bank’s existing arrangements and compared these against leading practice cyber security strategies from across a range of sectors. This helped establish the business case for AIB to move to a strategic partnership approach to their SOC and cyber security capability provision as they continue to build the cyber maturity of the bank.
Continuing to collaborate closely, we worked with AIB to define required capabilities for developing a world-class, next-generation SOC, built around systems that are secure by design, processes that encourage compliance and people with a cyber savvy mindset. What did they need from their new partner – on the technical front and in terms of culture and thought leadership, for example? What was essential and what was nice to have?
With extensive experience in procurement, from accelerating the procurement of medicine robots in Norway to developing a sourcing strategy from scratch for the UK Ventilator Challenge, we were able to guide the team at pace. We began to plan a series of workshops to test the capabilities of each short-listed supplier in four different areas: day one in role, short-term transition, longer-term transformation and technical detail. We knew this approach would be a highly effective way to launch a sustainable strategic partnership.
Designing for engagement
We spent time structuring each workshop carefully to give individual supplier teams a chance to demonstrate how they would deliver on different aspects of the requirements and the ethos behind their approach.
We built in checkpoints throughout each workshop day, enabling the AIB team to feed back to suppliers on performance and check suppliers’ readiness to collaborate on improving their bid. We also created a rigorous scoring mechanism for evaluating bidders’ responses to the RFP and their performance in the workshops. This gave AIB a robust evidence base for debriefing unsuccessful bidders and established a clear audit trail to justify supplier selection.
Over 12 months, we facilitated 16 different workshops for four shortlisted suppliers, reworking the last 12 as virtual events to reflect COVID restrictions-imposed part-way through the process.
Despite this disruption, we enabled AIB to complete the selection process successfully and down-select from four bidders to two ahead of final contract negotiations. We supported and mentored AIB’s technical and procurement functions through the workshops, making sure that information and evidence to support their decision was collected accurately and appropriately assessed.
Launching a transformation
As a result of our work, AIB can be confident of selecting a supplier that will enable the bank to meet the cyber security challenges of today and transform their cyber security capabilities for the future. This will be key to enabling AIB to continue to grow and develop new and secure digital services that customers can trust.