Digital security is one of Bankinter's main priorities. This is demonstrated year after year by increases in the budget and personnel dedicated to it. The objective is to ensure high levels of confidentiality, integrity and availability for customers, employees, shareholders and suppliers, in accordance with the objectives in the following table.
Maintaining banking operations
Building trust and security
Complying with rules and regulations
Customer experience
These commitments are set out in the Digital Security Master Plan, which made important contributions to security projects and internal processes in its second year of operation. These included the increasing maturity of business continuity plans and protection against threats such as distributed denial-of-service (DDoS) attacks and ransomware. The use of the NIST Cybersecurity Framework, a protection framework for critical infrastructure, makes it possible to measure the maturity level of compensating controls and minimise the risk to the Bank.
In addition, BSI's certifications in Security Management (ISO 27001) and Business Continuity (ISO 22301) were renewed in 2023, providing external assurance in project implementation and process development.
Security reviews were also performed on the entity's suppliers, using a methodology based on the European Banking Authority (EBA) guidelines.
Gap analysis was performed to identify possible weaknesses in compliance with the European DORA regulation, which comes into force in 2025, ensuring its application in relation to resilience for all Bankinter Group subsidiaries.
The area's activity included developing awareness plans for users, who are the weakest link in the security chain. The bank provides online training programmes for employees and simulates attempts to obtain confidential information (passwords, personal details, etc.) through emails, text messages (smishing), telephone calls (vishing), etc.
Role play exercises were also conducted with senior management to analyse decision-making and evaluate the reaction of the management team to cybersecurity issues.
This awareness-raising work also extended to external staff, with direct initiatives for Bankinter's customers and non-customers. In 2023, baiting (USB) and hacking (social engineering with QR codes) exercises were performed. In addition, special emphasis was placed on customer focus, including campaigns with videos, manuals, news and safety instructions.
Bankinter has implemented a cyber intelligence service to obtain early and preventive information on threats such as stolen customer credentials, the numbers of compromised credit cards and abuse of its brand.
This service provides extra visibility of what is happening outside our borders. Combined with the internal information reported to management through our performance and risk indicators, this enables us to create a global picture that helps in the early and proactive management of threats and risks.
A modern SOC (Security Operation Centre) initiative was launched in 2023, on a 24x7 basis, to unify all the information needed for effective management of this issue. These security operation centres are highly specialised, with experts providing various levels of support and analysis. This ensures constant knowledge of, and appropriate responses to, incidents worldwide through a comprehensive service.