See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/342298927

Analysis of cyber-crime effects on the banking sector using the balance score
card: a survey of literature

Article  in  Journal of Financial Crime · June 2020

DOI: 10.1108/JFC-03-2020-0037

CITATIONS READS

24 2,830

3 authors:

Oluwatoyin Esther Akinbowale Heinz Eckart Klingelhöfer

Tshwane University of Technology Tshwane University of Technology
18 PUBLICATIONS   70 CITATIONS    202 PUBLICATIONS   270 CITATIONS   

SEE PROFILE SEE PROFILE

Mulatu Fekadu Zerihun

Tshwane University of Technology
81 PUBLICATIONS   241 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Proposed Monetary Integration in SADC View project

Economic Growth View project

All content following this page was uploaded by Mulatu Fekadu Zerihun on 18 January 2023.

The user has requested enhancement of the downloaded file.

 The current issue and full text archive of this journal is available on Emerald Insight at:
https://www.emerald.com/insight/1359-0790.htm

Cyber-crime
Analysis of cyber-crime effects effects on the
on the banking sector using the banking sector

balanced score card: a survey

of literature 945
Oluwatoyin Esther Akinbowale, Heinz Eckart Klingelhöfer and
Mulatu Fekadu Zerihun
Faculty of Economics and Finance, Tshwane University of Technology,
Pretoria, South Africa

Abstract
Purpose – The purpose of this paper is to review the effect of cybercrime in the banking sector.
Design/methodology/approach – This study uses a survey of literature and the balanced scorecard
(BSC) to analyse the effect of cybercrime on the banking sector.
Findings – The literature reviewed confirms an increasing wave of cybercrime that has impacted
negatively on the good will and economic growth of financial institutions, indirectly through loss of trust in
the digital infrastructure or directly through fraud and extortion in both developing and developed countries.
Research limitations – This study is limited to the application of BSC to analyse the effect of cybercrime
in the banking sector only.
Practical implications – To avert on going massive losses owing to cybercrime, the authors quest for
development of an alert system that can create the awareness of both the banks and the customers by
effectively implementing and integrating big data technology into their system to mitigate the negative
impacts of cybercrime.
Originality/value – The novelty of this study lies in the fact that this study uses the BSC for the analysis
of cybercrime in the banking sector, a problem that has not been sufficiently highlighted in the existing
literature.
Keywords Cybercrime, Balanced scorecard, Banking sector
Paper type Research paper

1. Introduction
This paper aims to analyse the impact of cybercrime on the banking sector by reviewing studies
from both developing and developed countries, employing the balance scorecard (BSC) as method
of analysis. On this basis, it provides critical recommendations to curb the menace.
The BSC was invented by Kaplan and Norton (1992) as a tool to measure organisational
performance based on four identified perspectives: financial, customer, internal business and
innovation and learning perspective (later renamed as “learning and growth”; Kaplan and
Norton, 1996). The BSC is used to measure and provide not only financial but also non-
financial feedback to the organisations, and has developed into a strategic management
system (Kaplan and Norton, 1996): As data collection is crucial to the progress of any
organization by providing quantitative data, the interpretation of information collected is Journal of Financial Crime
equally important for good decision-making in an organization. Hence, the BSC is an Vol. 27 No. 3, 2020
pp. 945-958
approach enhancing the provision of information to management to aid policy formulation © Emerald Publishing Limited
1359-0790
and promoting the overall organizational performance (Kaplan and Norton, 2001). DOI 10.1108/JFC-03-2020-0037
JFC This study seeks to answer basic questions highlighted in the literature in line with the
27,3 implications of cybercrime and its effects using BSC on the services of the banking sector.
The motivation for this study lies in the fact that we use the BSC for the analysis of
cybercrime that has not been sufficiently highlighted by the existing literature.
Furthermore, the existing research has focussed more on the effect of cybercrime from the
financial perspective of the banking sector and from the customer perception towards the
946 banking services. In addition to these effects, this work also gives an insight to the other
perspectives, i.e. the internal business processes and learning and growth aspects.
The rest of the paper is organised as follows. Section 2 presents the literature review, and
Section 3 presents further discussions on the literature review. Section 4 concludes the study
and provides policy implications.

2. Literature review
2.1 Extent of cybercrimes in developing and developed countries
This subsection provides a summary of recent and related literature in line with the research
problem and the objective stated in the introductory section. The attempt is to evaluate
previous studies to justify the need for review of previous studies. Rao and Suvarchala
(2018) examined the perception of customers towards the banking services with focus on
post demonetization. They found that customers face severe challenges in accessing
banking services and that their perception towards banking and financial services has
significantly changed post demonetization. They also revealed that one of the critical
challenges faced by the Indian banking sector is the issue of Non-Performing Assets (NPAs).
Sujatha (2017) analysed how e-banking services had evolved, the awareness of customers on
the availability of e-banking facilities prior to demonetization and government action
towards using e-services. The study concluded that during the period of pre-demonetization,
the banks made concerted efforts in the sensitization of their customers about the new
channels via lectures, seminars etc. Having acquainted properly with the processes of
internet banking, post demonetization, customers are more concerned with security and
privacy issues.
A study by Alwan and Al-Zubi (2016) stressed the need for commercial banks in Jordan
to concentrate on privacy and security issues with the alarming rate of cyber insecurity. The
banking sector is expected to implement security measures that will preserve customers’
critical information, as the internet is a global space, prone to unauthorized invasion and
hacking. Alagarsamy and Wilson (2013) revealed that the banking services are being
modified in a counter response to cybercrime and to meet the dynamic nature of changing
needs and preferences of customers to compete successfully with other banks. Customers’
demand from the banks is tasking, most especially the aspect of speed, precision and
security. However, the banks within the sector are continuously deploying technological and
innovative solutions to meet the service and customer requirements so as to gain a
competitive edge by gaining more grounds, winning new customers and retaining the
existing customer base. In the study of Kweyu and Ngare (2013), attempts were made to
analyse the perception of customers in relation to mobile banking services in Kenya. It
identified critical factors for the adoption of mobile banking services such as the intervening
demographic factors and consumer perceptions may have differential impact in the
developing market as compared to developed market conditions. The study also indicated
that there was no disparity in the gender decisions relating to the simplicity and risk
involved in the use of internet banking.
In addition, a study by Malik et al. (2018) found that cybercrimes had impacted
negatively on the integrity and efficiency of banks in Pakistan. The results further reveal
that government policies have the tendency to reduce the impact of cybercrimes to some Cyber-crime
minute extent. However, the study did not specify which aspect of efficiency in the Pakistan effects on the
banking sector was really affected by cybercrime. Examining the impacts of cyber threats
banking sector
on the attitude of customers using e-banking services, Ali et al. (2017) indicated that only
31% of the respondents confirmed to be aware of the cyber threat categories mentioned in
their survey. By implications, it means an approximate 70% of the online users were not
aware of the mentioned threats. This lack of information by the online users can be 947
attributed to poor sensitization and low level of awareness among all categories of
customers. This ignorance is what is exploited by the cyber criminals to intrude into
unsuspecting customers’ information for fraudulent and illegal activities. Furthermore, over
60% of the users were unable to discover and properly manage the information security
threats. In addition, about 55% of the users were not aware of the precautionary measures to
take when using online banking services. Hence, there arises a need for the banks to upgrade
on the necessary information relating to the use and security of the online banking system
and to communicate same to the customers via adequate sensitization.
Tariq (2018) examined the impact of cyberattacks on financial institutions comparing the
cases of cyberattacks recorded in five different continents. The outcome revealed that
the loss suffered through cyberattacks can be classified into direct and indirect losses. The
direct loss consists of money theft and data breach, the indirect loss of customer frustration
and destruction of public relation. However, the study came up with preventive methods to
minimize cyberattacks in the financial institutions: tight internal security, cyber security
assessment, cyber security training and cyber security audit.
Arcuri et al. (2017) examined the effect of cybercrime and information and security
breaches on the stock returns of firms. The result revealed that there were considerable
negative market returns following the announcements of cyberattacks, and the financial
institutions are often at the receiving end compared to other institutions. The study also
found that open cyberattacks which are non-confidential in nature are the most dangerous,
most especially for the financial sector.
From the internal control point of view, Balan et al. (2017) stressed further that to avoid
inadequate security, it needs to improve the internal control: the implementation of strong
internal control measures has immunized some organizations to fraud perpetration; hence,
the consolidation or reinforcement of internal control measures will enable organizations to
be more proactive and effective in their fight against cyber fraud.
Al-Suwaidi et al. (2018) estimated the causes of cybercrime on the level of cyberattacks in
10 countries (Belgium, Canada, China, India, Italy, Japan, Spain, The Netherlands, UAE and
USA) in the period 2005–2017. The research findings revealed that the degree of cybercrime
in Belgium, China, Italy, USA and UAE was not a function of the level of unemployment.
Instead different reasons might be responsible for this outcome with respect to the country’s
socio-economic values and socio-cultural diversity. However, according to Kshetri (2015), the
reason for a high significance level with high unemployment rates in India is directly related
to key economic and social characteristics, which include dual economy and low levels of
income and education, which lead to low levels of human development, higher degrees of
income inequality and weak democratic institutions.
Kumudha and Rajan (2018) engaged in a critical analysis of cyber phishing and its
impact on the banking sector and found out that the growth in cybercrime and the
complexity of its investigation procedure require appropriate mitigating measures to be
adopted. However, the slow rate of implementation of such measures makes many countries
susceptible to cybercrimes (Ivezic, 2017). Malik et al. (2018) showed that cybercrimes have
JFC negatively impacted on the efficiency of banks in Pakistan with the severity ranging from
27,3 60% to 80%.
Furthermore, Malik and Islam (2019) also investigated the roles of awareness relating to
information security in mitigating cyber fraud and enhanced customers’ information
security and overall performance of financial institutions in Pakistan. The research findings
show that incidents related to cyber fraud have impacted negatively on the goodwill and
948 performance of the financial institutions. However, effective sensitization about security-
related information has continued to mitigate its effect when adequately deployed.
According to a report of the UK Finance (2018), the cybercrime attack on the Bangladesh
Bank was a case of compromise of the bank’s information technology (IT) systems allowing
perpetrators to manipulate the payment system that connects the bank to the Society for
Worldwide Interbank Financial Telecommunication system. The aim of the perpetrators
was to move money to Sri Lanka and the Philippines, by submitting 35 fraudulent payment
transfers out of which 30 were prevented by the anti-fraud squad. Over the years, cyber
criminals have deployed many means of manipulating the financial institutions via phishing
emails, impersonation and account hacking, thereby paving way for unauthorized access to
sensitive information and the compromise of the financial institutions. Figure 1 summarizes
some of the cybercrime incidents across many countries as reported by the UK Financial
Times (2018).
Dzomira (2014) examined the risk of cyber fraud to the banking industry in Zimbabwe.
The study explored different forms of cyber fraud which were being perpetrated against the
banking institutions and the associated problems. The study approach which was
descriptive in nature involves the analysis of primary data obtained from 22 banks in

Figure 1.
Some cybercrime
incidents
Zimbabwe. The analysis of the results obtained showed that cybercrime in the banking Cyber-crime
industries in Zimbabwe existed in different forms such as unauthorized intrusion into the effects on the
banks’ or personal information or accounts, credit/debit card fraud, money laundering,
employee embezzlement, pharming, phishing, malware, hacking, virus, spam and advance
banking sector
fee fraud. Also some challenges bedevilling the mitigation measures were identified such as
non-implementation of recent technological advances aimed at curbing cyber-crimes, lack of
resources, low-level enforcement of cyber-crime laws and inadequate sensitization while
recommending the improvement in cyber security via a robust collaboration of all the stake
949
holders.
Investigating the extent to which cybercrime influenced performance of commercial
banks in Kenya, Njeru and Gaitho (2019) discovered that 95% of the respondents agreed to
cybercrime as threat to the banking sector, whereas 5% disagreed. On the average,
respondents submitted that the insurance costs of protecting customers and the financial
institutions against cyber-related crimes were too high and could affect the banking
performance and innovativeness. The outcome also showed that the banks payed corrosive
charges required to meet IT compliance standards, with the prevention and detection costs
on the high side, thereby resulting in reduced profitability. Furthermore, the respondents
found the approach of assigning a particular responsibility for the detection and reporting of
suspected cybercriminal activities as being costly and possibly affecting the profitability of
the financial institutions. In addition, the study identified four classifications of cost as
presented in Figure 2, which is illustrated in line with the balanced scorecard approach
considered in this study.
Prevention and detection expenses are incurred to minimize the organisation’s loss
because of cyber-related crimes. Response cost result from introducing reactive strategies to
tackle the identified cases of cybercrime (such as disaster recovery response cost). Bank
finances are impacted by embezzled funds using online transfers or complete account
takeovers. This may also include raising fears with respect to the safety and reliability of the
financial institution. Indirect costs or image-related cost may be seen as opportunity cost
resulting from cybercrime (Lewis and Baker, 2013).
The aforementioned reports on the losses incurred by the banking sector in South Africa,
which is the focus of this study, indicate a decrease in the level of revenue in the bank with

Firewalls, Antivirus,
Browser, IT Security
Systems, Spam filters,
INTERNAL & Extension costs.
Prevention and
PERSPECTIVE Detection

CUSTOMER COSTS OF
CYBERCRIME Response Insurance fees,
PERSPECTIVE
Compensation,payment,
FINANCIAL Regulatory fines &
PERSPECTIVE Legal Costs
Bank Finances
LEARNING
AND GROWTH Profitability &
PERSPECTIVE Cashflow
Indirect/Negative
Image
Reputation damage,
Share value loss &
Customer confident
Figure 2.
Cost classification of
cybercrime effect on
the banking sector
Source: Adopted From Njeru and Gaitho (2019, p. 509)
JFC customers’ complaint on the rise. This further implies that the effect of cybercrime on the
27,3 banking sectors’ revenues is inversely proportional to customer complaints. In other words,,
the lower the customer satisfaction, the lower the revenues.
Table 1 presents some of the critical challenges facing banks today, with respect to
different territories according to the KPMG (2019) Global Banking Survey Report.

950 2.2 Review of concept and applications of the balanced scorecard

BSC emphasizes the importance of the provision of a set of information which addresses all
critical areas of performance in a clear fashion to the users (Kaplan and Norton, 1992). This
information should include both the financial and non-financial elements, covering major
aspects such as profitability, internal efficiency, customer satisfaction and innovativeness
(Certified Public Accounting [CPA], 2012, Board-Australia). As depicted in Figure 3, to have
a balanced view of an organisation and to ensure its viability and its alignment with its
goals, its vision and strategies, a BSC examines the organisation from four major
perspectives (Kaplan and Norton, 1996; Figure 3): financial, customers, internal business
processes and learning and growth.
The financial perspective is an indicator which measures the financial health of the
organisation showing the financial effects of the past decisions of the organisation (compare
for this and the following Kaplan and Norton, 1992). It reveals the fulfilment of the set
financial targets, often related to the creation of shareholder value, such as cash-flows, the
amount of profit made or loss incurred by the organisation. The customers’ perspective
reveals the level of customers’ satisfaction by the product purchased or the service rendered
by the organisation (measured again against the organisation’s objectives). This may
encompass the customers’ expectations, experience and psychological well-being with the

America EMA (Europeans, Middle East and Africa) Asian Pacific

Cyber and data breaches Cyber and data breaches Cyber and data breaches
Faster payment Faster payment Social engineering
Open banking Evolving digital channels Faster payment
Evolving digital Payment Services Directives 2 (PSD2)/Open Evolving digital
Table 1. channels banking channels
Banking survey Virtual currencies Social engineering Open banking
report on economic
crime Source: KPMG Banking Survey Report, 2019

Figure 3.
Four perspectives of
BSC
view to increase awareness, enhance continued relationship, improve customers’ experience Cyber-crime
and tackle the challenges faced by customers in relation to the products purchased or service effects on the
rendered by the organisation.
The internal business processes perspective examines the efficiency of operation and the
banking sector
effectiveness with which the business is running (Kaplan and Norton, 1992). This encompasses
waste management, keeping realistic forecast, meeting important schedules, elimination of
bottlenecks, quick adaptation to the dynamic business conditions and environments and the
provision of need-driven products and services. The perspective emphasises significant 951
improvement in the product and service offerings as well as the overall business process
improvement.
The learning and growth perspective focusses on organisational procedures and human
capital, to create a corporate culture of innovation and change for the organisation, as well
as the extent of collaboration for knowledge sharing, which also includes information and
management systems (Kaplan and Norton, 1992). It also deals with the development of
human capacities via training, seminars or workshops to acquaint the employees with the
latest technological trends – and rewarding them for good performance and innovative
behaviour. This is necessary in gaining a competitive edge considering the dynamic nature
of the business landscape; hence, the perspective emphasis the optimisation of human
capital and technology as well as the improvement in the expertise of the employee.
Every scorecard has a strategic objective for each of the perspectives, this is followed by
the measurement of the level of actualisation of the objectives with respect to the overall
organisation’s goal (Kaplan and Norton, 1996). Table 2 gives details of the various
perspectives of BSC

2.3 Cybercrime and its effects

Cybercrime is an intelligent threat perpetrated by intelligent criminals, and it is one of the
utmost and challenging problems bedevilling many corporate organizations. It is an online-
related crime which involves unauthorized access into an individual’s or corporate sensitive
information for personal gains. This takes place wherever a computer connection to
cyberspace exist – within the cyber space and other information and communication media
(Walden, 2007). Dalla and Geeta (2013) asserted that cybercrime is an illegal operations
perpetrated within the cyber space and other information and communication medium. In
the same view, Hunton (2009, p. 532) defined cybercrime as a “crime committed through the
use of an electronic media involving the cyberspace”. Cyber breaches encompass ingenuine
communications and fact-finding approaches which include significant forensic and
exploratory capabilities, executed with agility and precision (PwC, 2016 Report).
Cybercrime escalates in a hyperconnected business ecosystem, ranking the second most
reported economic crime in the world (PwC, 2016 Global Report). For example, the PwC
(2018) Global Report examined the global perspective of cybercrime and reported that
companies that offer financial services were 48% vulnerable to economic crime. It also
revealed that among the top fifteen countries which agreed that their law enforcement
agencies are not sufficiently equipped to combat cybercrime South Africa was ranked
second with a reported rate of economic crime of 70%.
The KPMG (2019) Global Banking Fraud Survey identifies ten fraud typologies, namely,
internal fraud, cyber or online fraud, data theft, scams, impersonation, identity theft,
mortgage application fraud, financial statement fraud or rogue trading as well as merchant
fraud. The KPMG report confirms that from over half of the respondents from the three
regions (America, EMA-Europe, Middle East and Africa and Asian Pacific) considered, the
retrievals from losses because of cyber fraud were less than 25% of the total losses. This
JFC S. no. Perspectives Questions Explanations Appropriate measures
27,3
1 Financial How will the creation
This covers the  Return on the capital
of value for the conventional invested
shareholders be indicators such as  Growth in revenue
achieved? profitability and  Earnings per share
growth as well as  Cash flow
952 shareholder value
2 Customer What value will the Gives rise to targets  Acquisition of new
(existing and new) that matter to customers
customers derive? customers: cost,  Returns
quality, delivery,  Customer complaints
inspection, handling  On-time deliveries
and so on
3 Internal business What processes must Seeks significant  Quality control rejects
processes be improved to improvement in the  Speed of production
achieve the financial internal cum decision  Information management
and customer making processes  Average set-up time
satisfaction goals?
4 Learning and growth Is continuous Aims at innovation,  Labour turnover rate
improvement and continuous  Percentage of income
creation of future improvement and generated by new products
value possible? creation of future and services
Table 2.
value  Average time taken for
Discussion of the product and services
four perspectives of development
BSC and their  Improvement rates on other
respective measures performance measures

implies a huge loss of revenue to fraud, a financial implication detrimental to the services of
the banking sector. Similarly, studies by Böhme and Moore (2012), Arachchilage and Love
(2014) and Wada and Odulaja (2012) show that technology improvements leading to the
primary reliance on the use of internet and other information communication technology
systems do not only serve as an opportunity for a bank to compete successfully in the
industry, but also serve as an avenue for crime perpetrations, thus, forming a threat
resulting from the intrusion and/or authorised access to the bank’s sensitive information.
Instead, on the other hand, they may also be employed for crime perpetrations, thus forming
a threat resulting from the intrusion and/or authorised access to the bank’s sensitive
information. As a result, cybercrime has been increasing with great concerns for the
financial institutions and their customers:
In recent times, the global impact of cybercrime was estimated to have exceeded $450bn a
year in the form of crime, extortion, blackmail and fraud move online (UK Finance, 2018).
Cybercrimes have been reported to have cost African economies a loss of $3.5bn in 2017 with
a total of $649m and $210m losses attributed to Nigeria and Kenya, respectively. Similarly,
South Africa also reported to incur an annual loss of $157m to cyberattacks (Kshetri, 2019).
Already in 2013, Anderson et al. (2013) conducted an empirical study which shows that,
globally, the financial institutions have continued to incur losses in the tune of billions of
dollars because of cybercrime either directly or indirectly; hence, the need to adopt lasting
mitigating measures against cybercrimes. In addition, in 2017, Ali et al. (2017) estimated the
cost implications of cybercrime to increase geometrically over the next 10 years with the
financial institutions most likely to be affected.
 It was also estimated that in 2016, the banking sector expended a total of $360 billion on Cyber-crime
information technology, while the organizations associated with financial services have effects on the
been reported to have spent thrice the amount spent by non-financial institutions to
checkmate cyber insecurity (UK Finance, 2018).
banking sector

3. Summary and discussions

3.1 Consequences of cybercrime in the banking sector 953
Gady and Austin (2010) described Africa’s cyber space as a weapon of mass destruction
potentially posing a menace to the world. The African Union Commission (2016) reported
that eleven countries in the African continent had definite laws or provisions to combat
cybercrime, viz: Botswana, Cameroon, Côte d’Ivoire, Ghana, Mauritania, Mauritius, Nigeria,
Senegal, Tanzania, Uganda and Zambia. In addition, twelve other countries had so far taken
some legislative measures on the same issue while cybercrime laws had been drafted in
some other countries as bills awaiting passage at the level of the parliament.
The South African Banking Risk Information Centre (SABRIC, 2019) reported that, in 2017,
a total of 13 438 cybercrime cases involving mobile and banking apps as well as online
reportedly banking costed the banking sector a gross sum of more than R250 000 000.
Furthermore, there had been an exponential increase in similar cases from January to August
2018, with an estimated increase of 64%. This further resulted in a 7% growth in the gross
losses when compared to the same period in 2017. The comparative analysis of January to
August 2017 to the same period in 2018, indicated that this growth is attributable to mobile
banking incidents which was more than double the original loss (gross losses in the tune of R23
593), and an increase of 44% (gross loss of R89 368 722) in online banking incidents [1].
Figure 4 shows the total number of incidents recorded in 2017 and 2018, respectively.
This is accompanied with the losses incurred in both periods.
Figure 5 indicates the types of internet banking operations where cyber incidents were
recorded. Basically, it shows the percentage growth in each of the incidents recorded
between 2017 and 2018. Obviously, this increase in the incidents led to a similar one in the
losses suffered by the banking sector.
In addition, in 2016, the Wall street Journal estimated that the losses incurred to cybercrime in
the USA was in the tune of $100bn, while, in 2015, the British insurance company Lloyd’s
estimated the losses because of cyber-crime cost businesses at approximately $400bn per annum.
This sum includes the damage directly as a result of the cyber-attack and after the incidence and

Cybercrime Incidents in South Africa

Total Number of Incidents for 2017 and

25,000

20,000
2018

15,000

10,000

5,000 Figure 4.
Difference in the
0 growth of
R250,000,000 R267,500,000
(2017) (2018) cybercrimes and the
Gross losses (Cost) losses recorded
between 2017 and
2018
Source: SABRIC (2019)
JFC Cybercrime Incidents in the Banking Sector
27,3

% Increase in Cyber Incidents between 2017

120

100

80

and 2018
954 60

40

20

Figure 5. 0
Mobile banking Online banking Banking app SIM swops (R8,254)
Percentage increase (R23,593,631) (R89,368,722) (R70,156,364)
in the losses recorded Gross losses (Cost) and Incidents
on cybercrime
incidents
Source: SABRIC (2019)

the disruption to the normal business operation (Lewis and Baker, 2013). Juniper Network (2015)
predicted that the growing digitization of consumers’ and business information would likely
provoke an increase in the losses relating to data breaches to $2.1tn globally by 2019. This
accounts for an increase to almost four times the losses estimated for data breaches in 2015.

3.2 Review on balanced scorecard perspectives

This part of the study entails the research gap observed from the literature reviewed, alongside
the author’s name and the perspective of BSC considered by each research (Table 3).
The outcome of the BSC analysis is further explained in Figure 6. Five of the literature
sources focussed on the financial perspective of the BSC, seven focussed on the customer
perspective, three on the learning and growth perspective and one on the internal
perspective. This implies that most of the existing literature reviewed focussed on the effects
of cyber-crime on the customers. This is because of the fact that the customers are often seen
as the main determinant of the revenue level of an organisation. Therefore, the issues
affecting them should indeed be central to the organisations, and this is key to the overall
success of the organisation. The failure to tackle their plight is a recipe for failure. It also
implies that in a continuous drive to satisfy customers, the organisation must tackle
cybercrime and reduce the effect on the customers.

4. Conclusions and policy implications

The novelty of this study lies in the fact that the study uses the BSC for the analysis of
cybercrime in the banking sector – a problem that has not been sufficiently highlighted in the
existing literature. The literature reviewed in this study confirmed that there is an increasing
wave of the cybercrime which has impacted negatively on the goodwill and economic growth
of financial institutions, indirectly through lack of trust in the digital and internet infrastructure
or directly through fraud and extortion. To mitigate cybercrime, one should consider the
development of a multi-disciplinary approach for effective disruption of the infrastructure of
the cyber criminals via uncompromised intelligence sharing and close cooperation between law
enforcement and crime investigation agencies for prompt intelligent gathering. Furthermore,
collaboration between financial institutions, involving the sharing of good crime-mitigating
practices, can serve as continuous improvement measures to improve cyber security. In
S/
No. Author’s name Research gap Balanced scorecard perspective

1 Malik et al. (2018) The specific area of efficiency which cybercrime has really affected in the Pakistan banking sector was not It was difficult to trace the aspect of
indicated in the study BSC focussed in this study
2 Ali et al. (2017) The need for public sensitization in order to create awareness regarding cyber threat Customer perspective
3 Tariq (2018) The preventive methods introduced or suggested in the study are already used by several banks in the world Customer and Financial Perspectives
based on existing literature. However, improvement can be made by providing a new way of applying them,
considering current technological demand. This is because cyberattacks become more complicated with regard to
technological advancement. In addition, each of the four preventive methods mentioned in the study make use of
tools/software. In view of this future research can investigate and identify the most effective tools that may be
compatible and flexible enough to meet the need for changes in technology
4 Arcuri et al. (2017) The study is limited to stock returns of firms as the only indicator for measuring the impact of cybercrime on a Financial perspective
firm
5 Balan et al. (2017) The study is focussed on all businesses, but the businesses were not treated on a one on one basis. For instance, Financial Perspective (Monetary loss),
with respect to finance, there are many businesses in this field, of which the banking sector is one. Future study Learning and Growth Perspective
can consider comparative analysis involving data obtained from two or more sources
6 Kumudha and The study is conclusive in nature as there was no particular data analytics techniques used. It is a review of Internal perspective
Rajan (2018) literature; hence, future study can consider this gap and employ approaches involving data analysis
7 Al-Suwaidi et al. The study was mainly focussed on the causes of cybercrime, there was no emphasis on the remedy or way Financial Perspective, Learning and
(2018) forward to combat cybercrime. Future studies should therefore consider this Growth Perspective
8 Rao and They only focussed on customers’ perception towards banking services in post demonetization. There was no Customer perspective
Suvarchala (2018) emphasis on their perception before demonetization. Future research should consider examining the perception of
customers towards banking services in pre-demonetization and compare with post-demonetization. This will help
to identify the deficiencies in the banking services regarding customers’ perception
9 Sujatha (2017) The research is a comparative analysis on the factors influencing pre- and post- demonetization on e-banking. Learning and Growth Perspective,
Future research can investigate the best approach, feasible enough to combat those factors with negative Customer Perspective
influence on demonetization
10 Alwan and Al- The study was only able to report the prevailing situation of internal banking adopted by commercial bank`s Customer perspective
Zubi (2016) customers in Jordan. The outcome of this study was limited to 2016. Future research can extend the study in order
to ascertain the current state of internet banking adoption from 2017 till date
11 Kweyu and Ngare The study classified the factors that were identified by the customers as important for the adoption of mobile Customer perspective
(2013) banking. Future research can consider the opinion of bank staff alongside the clients to be able to establish a
consensus on the adoption of mobile banking and the factors influencing it
12 Alagarsamy and The study was on the behaviour of customers towards banking services with particular reference to the banks in Customer Perspective and Learning
Wilson (2013) the public sector. Future study can consider including private sector banks when carrying similar research and Growth Perspective
13 Njeru and Gaitho The study did not include investigation on the relevant strategies to minimizing the huge extent of cybercrime Financial perspective
(2019) influence on the performance of commercial banks. Future research can consider this

explored
Overview of existing
Table 3.

research gap
research and
955
banking sector
Cyber-crime
effects on the
JFC
27,3
7

956
3

1 1

FINANCIAL CUSTOMER LEARNING AND INTERNAL NO BSC FOCUS

Figure 6. PERSPECTIVE PERSPECTIVE GROWTH PERSPECTIVE
PERSPECTIVE
BSC perspectives of
the analysed studies Series 1 Column1 Column2

addition, a culture of information dissemination and knowledge via a common platform for
both the individuals and corporate organizations may constitute an effective strategy
necessary to curb the challenges of cyber threats and the responsible actors. In addition, the
integration of business partners, within the public and private spheres will probably be key to a
significant disruption of the cyber-threat networks.
The consensus from this study confirms that cybercrime indeed is a threat that originates
from the use of information technology facilities. The dynamic nature of cybercrime and the
sophistication associated with it makes it increasingly difficult for policymakers and
government institutions to implement laws and policies to combat cybercrime. Therefore, the
banking sector should involve in a consistent sensitisation of their customers on information
security techniques and how to avoid intrusion into their account.
Furthermore, this study concurs with the suggestions of previous studies to quest for the
development of an alert system that can create the awareness of both the banks and
the customer whenever there is any forcible entry or access into the customers’ account or the
organisation’s confidential information. In addition to this, the banking sector should consider
the idea of effectively implementing and integrating big data technology into its system to
mitigate the negative impacts of cybercrime. This will support the storage of large amounts of
data and help to examine, observe and detect irregularities within the network. Big data will
also enable the prediction and avoidance of the possibilities of intrusion and invasion.

Note
1. “R” stands for the currency of South Africa, the Rand.

References
African Union Commission (2016), “Cybercrime and cyber security trends in Africa-The Hague security
delta”, available at: www.thehaguesecuritydelta.com (accessed 2 February 2020).
Alagarsamy, K. and Wilson, S. (2013), “A study on customer behavior towards banking services with
special reference to public sector banks in Sivagangai district”, Asia Pacific Journal of Marketing
and Management Review, Vol. 2 No. 2, pp. 183-196.
Ali, L., Ali, F., Surendran, P. and Thomas, B. (2017), “The effects of cyber threats on customer’s
behaviour in e-Banking services”, International Journal of e-Education, e-Business, e-
Management and e-Learning, Vol. 7 No. 1, pp. 70-78.
Al-Suwaidi, N., Nobanee, H. and Jabeen, F. (2018), “Estimating causes of cyber crime: evidence from Cyber-crime
panel data FGLS estimator”, International Journal of Cyber Criminology (Diamond Open Access
Journal), Vol. 12 No. 2, pp. 392-407.
effects on the
Alwan, H.A. and Al-Zubi, A.I. (2016), “Determinants of internet banking adoption among customers of
banking sector
commercial banks: an empirical study in the Jordanian banking sector”, International Journal of
Business and Management, Vol. 11 No. 3, pp. 95-104.
Anderson, R., Barton, C., Böhme, R., Clayton, R., van Eeten, M.J.G., Levi, M., Moore, T. and Savage, S.
(2013), “Measuring the cost of cybercrime”, in Böhme, R. (Ed.), Economics of Information 957
Security and Privacy, Springer, Berlin, pp. 265-300.
Arachchilage, N.A.G. and Love, S. (2014), “Security awareness of computer users: a phishing threat
avoidance perspective”, Computers in Human Behavior, Vol. 38, pp. 304-312.
Arcuri, M.B., Brogi, M. and Gandolfi1, G. (2017), “How does cyber crime affect firms? The effect of
information security breaches on stock returns”, Proceedings of the First Italian Conference on
Cybersecurity (ITASEC17), Venice, pp. 175-193.
Balan, S., Otto, J., Minasian, E. and Aryal, A. (2017), “Data analysis of cybercrimes in businesses”,
Information Technology and Management Science, Vol. 20 No. 1, pp. 64-68.
Böhme, R. and Moore, T. (2012), “How do consumers react to cybercrime?”, eCrime Researchers Summit
(eCrime), IEEE, pp. 1-12.
CPA (2012), Study Manual on Management Accounting, 2nd ed., British Library Cataloguing-in-
Publication Data. ISBN 9781 4453 8013 1 Previous ISBN 9780 7517 8151 9.
Dalla, E.H. and Geeta, M.S. (2013), “Cybercrime a threat to persons, property, government and
societies”, International Journal of Advanced Research in Computer Science and Software
Engineering, Vol. 3 No. 5, pp. 997-1002.
Dzomira, S. (2014), “Electronic fraud (cyber fraud) risk in the banking industry”, Zimbabwe. Risk
Governance and Control: financial Markets and Institutions, Vol. 4 No. 2, pp. 16-26.
Gady, F.S. and Austin, G. (2010), Russia, the United States and Cyber Diplomacy: Opening the Door, The
EastWest Institute, New York, NY, pp. 1-32.
Hunton, P. (2009), “The growing phenomenon of crime and the internet: a cybercrime execution and
analysis model”, Computer Law and Security Review, Vol. 25 No. 6, pp. 528-535.
Ivezic, M. (2017), “Cybercrime in China – a growing threat for the Chinese economy”, available at: www.
linkedin.com/pulse/cybercrime-china-growing-threatchinese-economy-marin-ivezic (accessed 2
April 2018).
Juniper Network (2015), “Instant evolution in the age of digitalization”, available at: www.juniper.net
(accessed 2 February 2020).
Kaplan, R.S. and Norton, D.P. (1996), “Using the balanced scorecard as a strategic management
system”, Harvard Business Review, Vol. 74 No. 1, pp. 75-85.
Kaplan, R.S. and Norton, D.P. (2001), The Strategic-Focused Organisation: How Balanced Scorecard
Companies Thrive in the New Competitive Environment, Harvard Business School Press, Boston.
Kaplan, R.S. and Norton, D.P. (1992), “The balanced scorecard – measures that drive performance”,
Harvard Business Review, Vol. 70 Nos 1/2, pp. 69-79.
KPMG (2019), “The multifaceted threat of fraud: are banks up to the challenge?”, Global Banking Fraud
Survey, available at: www.kpmg.com (accessed 2 February 2020).
Kshetri, N. (2015), “Cybercrime and cybersecurity issues in the BRICS economies”, Journal of Global
Information Technology Management, Vol. 18 No. 4, pp. 1-5.
Kshetri, N. (2019), “Cybercrime and cybersecurity in Africa”, Journal of Global Information Technology
Management, Vol. 22 No. 2, pp. 77-81.
Kumudha, S. and Rajan, A. (2018), “A critical analysis of cyber phishing and its impact on banking sector”,
International Journal of Pure and Applied Mathematics, Vol. 119 No. 17, pp. 1557-1569.
JFC Kweyu, M. and Ngare, P. (2013), “Factor analysis of customers perception of mobile banking services in
Kenya”, Journal of Emerging Trends in Economics and Management Sciences (JETEMS),
27,3 Research Institute Journals, Vol. 5 No. 1, pp. 1-8.
Lewis, J. and Baker, S. (2013), “The economic impact of cybercrime and cyber espionage”, CIO Summit:
Organization for IT Leaders.
Malik, M.S. and Islam, U. (2019), “Cybercrime: an emerging threat to the banking sector of Pakistan”,
Journal of Financial Crime, Vol. 26 No. 1, pp. 50-60.
958
Malik, S., Noreen, S. and Awan, A.G. (2018), “The impact of cybercrimes on the efficiency of banking sector
of Pakistan”, Global Journal of Management, Social Sciences and Humanities, Vol. 4 No. 4, pp. 821-842.
Njeru, P.W. and Gaitho, V. (2019), “Investigating extent to which cybercrime influences performance of
commercial banks in Kenya”, International Journal of Economics, Commerce and Management,
Vol. 7 No. 8, pp. 489-514.
PwC (2016), “Banking in Africa matters – African banking survey, global fintech report”, pp. 1-100,
available at: www.pwc.org (accessed October 2018).
PwC (2018), “Global economic crime survey: pulling fraud out of the shadows”, pp. 1-30, available at:
www.pwc.org (accessed January 2019).
Rao, V.N. and Suvarchala, M.B. (2018), “Customer perception towards banking services – post
demonetization”, IOSR Journal of Business and Management (IOSR-JBM), Vol. 20 No. 4, pp. 79-86.
South African Banking Risk Information Centre (SABRIC) (2019), “Digital banking crime statistics”,
available at: www.sabric.co.za (accessed 2 February 2020).
Sujatha, T.L. (2017), “A comparative study on pre and post demonetization on E-Banking services”,
IOSR Journal of Business and Management (IOSR-JBM), pp. 12-17.
Tariq, N. (2018), “Impact of cyberattacks on financial institutions”, Journal of Internet Banking and
Commerce, Vol. 23 No. 2, pp. 1-11.
UK Finance (2018), “Staying ahead of cyber crime”, pp. 1-16, available at: www.ukfnance.org.uk
(accessed 20 January 2020).
Wada, F. and Odulaja, G.O. (2012), “Electronic banking and cyber crime in Nigeria – a theoretical
policy perspective on causation”, African Journal of Computing and ICT, Vol. 4 No. 2,
pp. 69-82.
Walden, I. (2007), Computer Crimes and Digital Investigations, Oxford University Press, Oxford.

Further reading
Jacco, C. (2018), “KPMG global perspectives on cyber security in banking: a roundtable discussion on
the state of cyber security management in the banking sector”, pp. 1-7, available at: home.kpmg.
com (accessed 2 February 2020).
Kshetri, N. (2010), “Diffusion and effects of cyber-crime in developing economies”, Third World
Quarterly, Vol. 31 No. 7, pp. 1057-1079.
Sharma, A. (2014), “Frauds in India and forensic accounting”, International Journal of Research and
Development in Technology Management Science –Kailash, Vol. 21 No. 5, pp. 200-207.

Corresponding author
Oluwatoyin Esther Akinbowale can be contacted at: oluwatee01@gmail.com

For instructions on how to order reprints of this article, please visit our website:
www.emeraldgrouppublishing.com/licensing/reprints.htm
Or contact us for further details: permissions@emeraldinsight.com

View publication stats