How Lloyds Banking Group is modernising cyber defence to move at fintech speed

hero image
  • Case Study
  • July 2026

Lloyds Banking Group has transformed its approach to cyber defence, strengthening resilience and laying the foundations to embrace the next generation of financial technology safely and at scale.

Lloyds logo

Industry

Banking, Finance

Our role

Cyber defence design and delivery

Featuring

Google SecOps

Google Cloud logo

Lloyds Banking Group touches almost every part of the UK economy.

With more than 30 million customers, the Group serves everyone from first-time buyers and people building a nest egg for retirement, to major institutions arranging the finance they need to grow, invest, and employ staff.

Video 14/07/26

PwC Client Stories Lloyds

4:57
More tools
  • Closed captions
  • Transcript
  • Full screen
  • Share
  • Closed captions

Playback of this video is not currently available

Transcript

“We settle about 30% of all payments that are made in the UK and provide banking services to the UK Government,” says Chief Security Officer Matt Rowe. “So, for example, when HMRC is making payments to individuals in the UK, those payments are made by Lloyds Banking Group.”

The Group is working at that scale and responsibility while pushing for greater agility. For security, the question is how to protect an institution that handles such a large share of the UK’s money, while embracing the kind of automation and speed of change required of a fintech.

“This is no ordinary cyber transformation. It's a complete re-engineering on how we defend against threats.”

Manija Poulatova,Director of Security Engineering and Operations, Lloyds Banking Group

Rowe sums up the ambition from the Group’s side. “We aim to be the biggest fintech in the UK. That means that everything we do is about pace, about building products and propositions that meet our customers’ and clients’ needs as fast as possible.”

Delivering on that ambition has meant rebuilding security at unprecedented pace for an organisation of this size: designing a new, engineering‑led cyber defence centre from a greenfield start, implementing it in nine months, and reaching a level of automation that, in Rowe’s words, “enables the Group to safely go faster.”

From alert fatigue to an ambitious vision

“The problem we set out to solve is one every organisation is facing; human time spent on the least valuable work,” says Manija Poulatova, Director of Security Engineering and Operations, Lloyds Banking Group.

In a typical 24‑hour period, the legacy cyber platform would surface around 300 alerts. While many of them were true positives–the rules functioned correctly–the volume was overwhelming. Analysts had to sift through events as simple as someone mistyping a password, rather than signs of a real attack.

“People don't get into cyber security to be boxed in doing repetitive work. They want to be problem solvers. They want to have impact. They want to make society more secure.”

Matt Rowe,Chief Security Officer, Lloyds Banking Group

The way the work was organised added further complexity. Daniel Horn, a Cyber Security Manager at Lloyds Banking Group, describes a patchwork of teams. “In our old way of working with our old processes and our old tooling, we were all in different teams,” he says. “And each had its own very fixed goals.”

From his experience as an engineer and analyst, that meant work was shuttled from team to team. “Once your work is done, over the fence it goes. Someone else will pick it up,” he recalls. “There was no unified, end-to-end, ‘protect the bank’ message.”

Lloyds Banking Group needed a way to cut through alert fatigue, give engineers a clearer view of true threats, and let them own more of the lifecycle from detection to response.

The Group’s mission and vision were “very straightforward”, says Poulatova. “We wanted to create an engineering-led, high-fidelity security operation centre where, if something fires, we know it’s bad.”

Rowe sees this as part of the broader evolution of the bank. “As the organisation has been transforming, moving to modern technology and modern ways of working, we’ve had to completely rebuild how security gets done as well,” he says.

That mission shaped the design of a new cyber defence centre and platform, led by Lloyds Banking Group and built with PwC and Google Cloud.

Building from a greenfield

The teams at Lloyds Banking Group knew they couldn’t just move the existing set-up onto a new platform. They needed to start again.

This meant they wouldn't carry forward rules and processes that no longer served them. They could focus on what a modern, high‑fidelity cyber defence centre should look like, rather than rebuilding the old set‑up in a new environment.

Poulatova and her team wanted collaborators who would back that ambition.

“PwC and Google Cloud really understood our ambition, the timeline and aspiration of what we’re trying to do.”

Manija Poulatova,Director of Security Engineering and Operations, Lloyds Banking Group

Lloyds Banking Group set out to design and implement a new cyber defence centre on Google SecOps within nine months, starting from a blank sheet and drawing on specialist support from PwC and Google Cloud.

Doruntina Jakupi, Mandiant Consulting, Google Cloud, describes it as “one of the most ambitious cyber programmes I’ve ever worked on”, requiring “a complete shift of mindset and approach.”

Everything as code

With the greenfield design agreed, the teams set out to build the cyber defence centre on Google SecOps with an “everything as code” approach. Instead of manually configuring tools one by one, the system configuration is captured as code and managed centrally.

A major benefit of this approach is that it puts control back into the hands of the engineers. “If any member of the team, regardless of seniority, sees a way to improve things, they can go and draft this improvement themselves,” says PwC’s Cyber Defence Director, Alex Gornoi. “It democratises improvement in the team.”

The platform brings together security information from across the bank: signals from laptops and other IT, email security systems that spot phishing, and solutions that monitor for hacking attempts against websites. By defining these system configurations as code, the team can test, iterate, and roll out updates at pace, preventing the return of fragmented silos.

A blended team around a Lloyds-led ambition

Delivering this change meant combining Lloyds Banking Group's cyber expertise and engineering ambition with specialist support from PwC and Google Cloud.

“A big part of what made it all work was that Lloyds, Google Cloud, and PwC all had different skills to bring to the table and we all flexed who from our teams was involved and who focused on what throughout the project,” says Gornoi.

“We pulled in expertise across our three firms to solve any challenges that we encountered.”

Alex Gornoi,Cyber Defence Director, PwC UK

Work was organised in two-week sprints, with priorities shared across organisations. Regular ‘show and tell’ sessions meant engineers could demonstrate standout work from the last sprint, even if it wasn’t finished, and larger problem‑solving meetings brought everyone together when the team hit blockers.

For many of the engineers, this was a chance to work at the frontier, solving new problems, learning fast, and seeing the impact of their work in real time.

A better way to work

The new cyber defence centre has changed both what the system does and how it feels to work in it.

“Around 80% of our alerts are processed through automation,” says Poulatova. “That means our people can focus on higher‑value analysis, threat hunting and tuning the models and AI‑based detections that sit underneath.”

“We now have incidents that are fully automated end‑to‑end, from an alarm firing through to it being triaged, investigated, and resolved,” adds Rowe. “Those models are defined and implemented by humans, but we sit above the system operating, and that approach allows us to operate at machine speed with human oversight.”

For cyber engineers, that means more time for the work they came into the profession to do: understanding threats, writing better detections, and seeing the impact of their expertise in protecting the Group from bad actors. For customers and the wider UK economy, it means an organisation of Lloyds Banking Group’s scale can safely go faster.

“The UK is a leader in financial services globally, but if we’re going to keep that position, we have to invest. And this project and the underlying cyber and technology capabilities are an excellent example of what the UK needs.”

Isabelle Jenkins,Lead Client Partner, PwC UK

Matt Rowe, Chief Security Officer, Lloyds Banking Group
To be successful in the era of AI, we need to be able to defend at machine speed.

Manija Poulatova, Director of Security Engineering and Operations, Lloyds Banking Group
This is no ordinary cyber transformation. It's a complete re-engineering on how we defend against threats.

Alex Gornoi, Cyber Defence Director, PwC UK
The pace at which we delivered this transformation and the ultimate outcomes are, frankly, unprecedented.

Matt Rowe
So Lloyds Banking Group aims to be the biggest fintech in the UK. That means you need to have modern technology and therefore a modern security approach.

Isabelle Jenkins, Lead Client Partner, PwC UK
So the speed at which we're seeing financial services changing it is huge. Payments become faster, but that means we need the technologies that protect that money to evolve.

Matt Rowe
We're also living in an era where artificial intelligence is creating yet another paradigm shift. We need to be able to secure the organisation, at the pace at which a computer can operate.

Isabelle Jenkins
So we're obviously seeing a huge change around the world in terms of geopolitical events. So banks need to be really agile to make sure that they're supporting their customers.

Alex Gornoi
So the existing cyber defence centre at Lloyds had grown bureaucratic over time. So to keep up with the modern cyber threat, they really needed a fundamental refresh.

Matt Rowe
We chose Google SecOps as the platform to build our new operations centre. It allowed us to drive an engineering-led approach to cybersecurity.

Manija Poulatova
The problem we were trying to solve is human time spent on least valuable work. So we were there drowning in noise that was generated. And what we wanted to do is create a high-fidelity platform.

Daniel Horn, Cyber Security Manager, Lloyds Banking Group
A high-fidelity alert is the gold standard. It's an alert that when you get it, you're highly confident that it is something bad.

Manija Poulatova
We broke down the work and made sure that we have show and tells. They were my favourite part of the transformation.

Alex Gornoi
You know, it was an opportunity for everyone in the team to demonstrate cool work that they've been doing over the last sprint and essentially problem solve together.

Manija Poulatova
We really showed the progress that we're making, and they were the moments where we could pivot. Personally, I think that being a security engineer is one of the most exciting work that you can do. However, it depends what do you end up doing.

Daniel Horn
Cybersecurity engineers are definitionally critical thinking, problem solvers.

Matt Rowe
They want to be in a position of stopping the bad guys, of protecting organisations.

Daniel Horn
So in our old platform, we were very much in several silos and there was no unified end-to-end “protect the bank” message.

Manija Poulatova
Today, the same team does everything. So from response to detection. And we had a mantra as we were driving this transformation in nine months is to approach this as “everything as code.”

Doruntina Jakupi, Mandiant Consulting, Google Cloud
We never compromised in this goal. And that's why we have something very automated now where the engineers can focus on the cool stuff, and they don't have to work on operational overhead like they did before.

Alex Gornoi
It really empowered the Lloyds team to do change at pace. If any member of the team saw any way to improve things, they could just draft up some code.

Daniel Horn
Now it's your job to understand the threat, how we respond to it and how we remediate it for the future.

Manija Poulatova
Today we only have day shift and at night it's on-call system. It changes lives.

Matt Rowe
We have heard from our team that the everyday experience of working this way is just much better. It is harder, but you can more directly see the impact of your work.

We spoke to some partners who kind of sucked air through their teeth when we mentioned our ambitions, whereas the PwC response was “we can get that done”, and they really backed that up.

Manija Poulatova
PwC, they really understood the timeline and aspiration of what we're trying to do.

Matt Rowe
So they brought to the table really good engineering capacity, expertise and the right mindset.

Daniel Horn
Nothing was off the table between our two teams and it was a very constructive environment.

Alex Gornoi
I really saw our role being a helpful and flexible implementation partner who was there to complement the team with the right skills.

Daniel Horn
We also had Google collaborating on this project, and they brought their own fresh thinking from all of their breadth of experience.

Manija Poulatova
So right now, you know, everybody talks about AI. How is it going to change cybersecurity? Well, we finally have time to start adopting some of those technologies.

Doruntina Jakupi
The biggest advantages of the platform are definitely the integrated AI piece.

Alex Gornoi
Lloyds were keen to automate processes in cyber defence so a computer could respond to a cyber attack before an analyst even got involved.

Manija Poulatova
And it's all to continuously improve and take humans up the value chain. We used to generate 300 alerts in 24 hours. Fast forward, we are generating up to ten. That's incredible.

Matt Rowe
Comment has been made that it was a brave approach, and I think of it the other way around really. I think it would have been really scary not to do this because we did need to meet the moment. Having done this work, we are now set up to respond at pace and with agility to anything that might come at us.

Our contributors:

Matt Rowe

Chief Security Officer, Lloyds Banking Group

Manija Poulatova

Director of Security Engineering and Operations, Lloyds Banking Group

Daniel Horn

Cyber Security Manager, Lloyds Banking Group

Doruntina Jakupi

Mandiant Consulting, Google Cloud

Isabelle Jenkins

Lead Client Partner, PwC UK

Alex Gornoi

Cyber Defence Director, PwC UK

Featured client stories

Hugh James

Industry: Legal
Theme: Transformation

Learn more

Virgin Money

Industry: Banking
Theme: GenAI

Learn more

PwC Financial Services

PwC Cyber Security

Contact us

Ian Benson

Ian Benson

Cyber Security Partner, PwC United Kingdom

Tel: +44 (0)7701 295632

Isabelle Jenkins

Isabelle Jenkins

Lead Client Partner, PwC United Kingdom

Tel: +44 (0)7711 773030

Follow us