Cyber Risk Management in Ibercaja’s Digital Transformation
Cyber Risk Management in Ibercaja’s Digital Transformation
Author(s): Jacobo Peláez
Subject(s): Economy, Business Economy / Management, Financial Markets, ICT Information and Communications Technologies
Published by: Университет за национално и световно стопанство (УНСС)
Keywords: cyber risk management; operational resilience; digital transformation; DORA; ICT third-party risk
Summary/Abstract: This paper studies how Ibercaja – a Spanish banking group with a strong retail and SME focus – manages cyber risk while it pushes a major digital transformation. The aim is simple: check whether the bank’s strategy, controls, and governance are good enough to grow digital services without losing resilience or breaking the rules. I look at three flagship moves: the longterm technology deal with NTT DATA, the purchase and integration of Orange Bank Spain’s platform, and the consumer-finance build with Mambu on a cloud-native core. Using public documents and EU regulation as the base, I classify the main risks that come with these changes: outages during system migrations, third-party and concentration risk, data protection under GDPR, internal process errors and fraud, and cyberattacks such as phishing, ransomware, DDoS and data breaches. I place these in the EU context shaped by DORA and the AI Act, which lift expectations on incident handling, testing, and supplier oversight. On governance, Ibercaja reports a Board-approved Risk Appetite Framework, a three-lines model, and an Operational Risk function that combines self-assessments, a loss-events database, and KRIs. The case examples show how transition risk, resilience targets and vendor controls work in practice. The conclusion is pragmatic: keep resilience measurable with service-level objectives, invest in AI-assisted monitoring and strong data protection, maintain up-to-date third-party registers and tested exit plans, and continue training staff and informing customers.
- Page Range: 240-248
- Page Count: 9
- Publication Year: 2026
- Language: English
- Content File-PDF
