Matt Rowe
Chief Security Officer, Lloyds Banking Group
Industry
Banking, Finance
Our role
Cyber defence design and delivery
Featuring
Google SecOps
Lloyds Banking Group touches almost every part of the UK economy.
With more than 30 million customers, the Group serves everyone from first-time buyers and people building a nest egg for retirement, to major institutions arranging the finance they need to grow, invest, and employ staff.
“We settle about 30% of all payments that are made in the UK and provide banking services to the UK Government,” says Chief Security Officer Matt Rowe. “So, for example, when HMRC is making payments to individuals in the UK, those payments are made by Lloyds Banking Group.”
The Group is working at that scale and responsibility while pushing for greater agility. For security, the question is how to protect an institution that handles such a large share of the UK’s money, while embracing the kind of automation and speed of change required of a fintech.
“This is no ordinary cyber transformation. It's a complete re-engineering on how we defend against threats.”
Manija Poulatova,Director of Security Engineering and Operations, Lloyds Banking GroupRowe sums up the ambition from the Group’s side. “We aim to be the biggest fintech in the UK. That means that everything we do is about pace, about building products and propositions that meet our customers’ and clients’ needs as fast as possible.”
Delivering on that ambition has meant rebuilding security at unprecedented pace for an organisation of this size: designing a new, engineering‑led cyber defence centre from a greenfield start, implementing it in nine months, and reaching a level of automation that, in Rowe’s words, “enables the Group to safely go faster.”
“The problem we set out to solve is one every organisation is facing; human time spent on the least valuable work,” says Manija Poulatova, Director of Security Engineering and Operations, Lloyds Banking Group.
In a typical 24‑hour period, the legacy cyber platform would surface around 300 alerts. While many of them were true positives–the rules functioned correctly–the volume was overwhelming. Analysts had to sift through events as simple as someone mistyping a password, rather than signs of a real attack.
“People don't get into cyber security to be boxed in doing repetitive work. They want to be problem solvers. They want to have impact. They want to make society more secure.”
Matt Rowe,Chief Security Officer, Lloyds Banking GroupThe way the work was organised added further complexity. Daniel Horn, a Cyber Security Manager at Lloyds Banking Group, describes a patchwork of teams. “In our old way of working with our old processes and our old tooling, we were all in different teams,” he says. “And each had its own very fixed goals.”
From his experience as an engineer and analyst, that meant work was shuttled from team to team. “Once your work is done, over the fence it goes. Someone else will pick it up,” he recalls. “There was no unified, end-to-end, ‘protect the bank’ message.”
Lloyds Banking Group needed a way to cut through alert fatigue, give engineers a clearer view of true threats, and let them own more of the lifecycle from detection to response.
The Group’s mission and vision were “very straightforward”, says Poulatova. “We wanted to create an engineering-led, high-fidelity security operation centre where, if something fires, we know it’s bad.”
Rowe sees this as part of the broader evolution of the bank. “As the organisation has been transforming, moving to modern technology and modern ways of working, we’ve had to completely rebuild how security gets done as well,” he says.
That mission shaped the design of a new cyber defence centre and platform, led by Lloyds Banking Group and built with PwC and Google Cloud.
The teams at Lloyds Banking Group knew they couldn’t just move the existing set-up onto a new platform. They needed to start again.
This meant they wouldn't carry forward rules and processes that no longer served them. They could focus on what a modern, high‑fidelity cyber defence centre should look like, rather than rebuilding the old set‑up in a new environment.
Poulatova and her team wanted collaborators who would back that ambition.
“PwC and Google Cloud really understood our ambition, the timeline and aspiration of what we’re trying to do.”
Manija Poulatova,Director of Security Engineering and Operations, Lloyds Banking GroupLloyds Banking Group set out to design and implement a new cyber defence centre on Google SecOps within nine months, starting from a blank sheet and drawing on specialist support from PwC and Google Cloud.
Doruntina Jakupi, Mandiant Consulting, Google Cloud, describes it as “one of the most ambitious cyber programmes I’ve ever worked on”, requiring “a complete shift of mindset and approach.”
With the greenfield design agreed, the teams set out to build the cyber defence centre on Google SecOps with an “everything as code” approach. Instead of manually configuring tools one by one, the system configuration is captured as code and managed centrally.
A major benefit of this approach is that it puts control back into the hands of the engineers. “If any member of the team, regardless of seniority, sees a way to improve things, they can go and draft this improvement themselves,” says PwC’s Cyber Defence Director, Alex Gornoi. “It democratises improvement in the team.”
The platform brings together security information from across the bank: signals from laptops and other IT, email security systems that spot phishing, and solutions that monitor for hacking attempts against websites. By defining these system configurations as code, the team can test, iterate, and roll out updates at pace, preventing the return of fragmented silos.
Delivering this change meant combining Lloyds Banking Group's cyber expertise and engineering ambition with specialist support from PwC and Google Cloud.
“A big part of what made it all work was that Lloyds, Google Cloud, and PwC all had different skills to bring to the table and we all flexed who from our teams was involved and who focused on what throughout the project,” says Gornoi.
“We pulled in expertise across our three firms to solve any challenges that we encountered.”
Alex Gornoi,Cyber Defence Director, PwC UKWork was organised in two-week sprints, with priorities shared across organisations. Regular ‘show and tell’ sessions meant engineers could demonstrate standout work from the last sprint, even if it wasn’t finished, and larger problem‑solving meetings brought everyone together when the team hit blockers.
For many of the engineers, this was a chance to work at the frontier, solving new problems, learning fast, and seeing the impact of their work in real time.
The new cyber defence centre has changed both what the system does and how it feels to work in it.
“Around 80% of our alerts are processed through automation,” says Poulatova. “That means our people can focus on higher‑value analysis, threat hunting and tuning the models and AI‑based detections that sit underneath.”
“We now have incidents that are fully automated end‑to‑end, from an alarm firing through to it being triaged, investigated, and resolved,” adds Rowe. “Those models are defined and implemented by humans, but we sit above the system operating, and that approach allows us to operate at machine speed with human oversight.”
For cyber engineers, that means more time for the work they came into the profession to do: understanding threats, writing better detections, and seeing the impact of their expertise in protecting the Group from bad actors. For customers and the wider UK economy, it means an organisation of Lloyds Banking Group’s scale can safely go faster.
“The UK is a leader in financial services globally, but if we’re going to keep that position, we have to invest. And this project and the underlying cyber and technology capabilities are an excellent example of what the UK needs.”
Isabelle Jenkins,Lead Client Partner, PwC UKMatt Rowe
Chief Security Officer, Lloyds Banking GroupManija Poulatova
Director of Security Engineering and Operations, Lloyds Banking GroupDaniel Horn
Cyber Security Manager, Lloyds Banking GroupDoruntina Jakupi
Mandiant Consulting, Google CloudIsabelle Jenkins
Lead Client Partner, PwC UKAlex Gornoi
Cyber Defence Director, PwC UK