RBS: IT failure's sharp end
The bank's response to its IT failure this week could be a valuable lesson in the importance of IT crisis management and BC planning.
Inside the Enterprise: It was one of the worst days of the year to find your debit card declined. But that was the experience of thousands of customers of the RBS banking group this week.
The group, which includes NatWest and Ulster Bank, as well as RBS, brands suffered another serious systems failure. The "systems issues" which have not yet been identified, at least in public, left customers unable to use cash machines, their debit cards, or pay for shopping online. The fact that the outage happened on "Cyber Monday," the busiest day for online shopping, did not help.
RBS has said that the failure was not related to Cyber Monday transaction volumes, although the timing certainly increased the number of frustrated RBS Group customers.
This is not the first time such a tech glitch has occured. Indeed, the bank has had serious systems before.
In 2012, a failed software error left some customers unable to access their accounts for days, and cost RBS Group 175 million in compensation.
And, earlier this year, its mobile banking applications failed. It seems, then, that the company has yet to put its house in order. An internal report into the June 2012 failure has been completed, but has not been published, according to the Financial Times.
RBS has, though, learned something from its repeated IT problems, and there are lessons there too, for other enterprises that deal with their customers electronically.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
This time around, RBS was quick to admit to the fault, to offer to compensate customers, and move to limit the damage. Importantly, this was led from the top. Director of customer solutions, Susan Allen, gave a series of media interviews, and CEO Ross McEwan quickly issued his statement.
In that statement, McEwan admitted that the company has failed to invest sufficiently in its IT systems. After the June 2012 outage, RBS said it would increase its IT budget running at around 2 billion by a further 450 million. Additional investment could well be needed now to sure up the bank's IT.
These investments, though, take time. That is why reassuring customers quickly is important for any organisation that relies heavily on IT. This is the case whether the outage is a result of external forces flood, fire, or power problems an IT issue, such as the problems experienced by RBS, or indeed the growing threat of cyber attack.
In today's complex IT environments, such incidents cannot ever be prevented entirely, so it is vital that CIOs, and boards, "plan to fail".
As one industry expert, Mike Allen, vice president for application performance management at Compuware, notes: "The RBS problem on Cyber Monday, one of the busiest shopping days of the year, shows the impact that IT now has on all of our lives. With systems getting more and more complex, it is harder to spot a potential problem. When something like this happens, it takes even longer to find the cause."
Most customers will forgive a business if they react quickly to a problem by acknowledging it, and explaining how they will put it right.
They are less tolerant of evasions and denials. That, perhaps, is the lesson RBS has learned, albeit the hard way.
Stephen Pritchard is contributing editor at IT Pro.