What EY can do for you
Trust is the foundation of financial services. To win and maintain the trust of customers, financial institutions must demonstrate dedication to preserve confidentiality, confirm the availability of systems and services, and maintain the integrity of data. Regulators and stakeholders who rely on functioning financial markets are demanding this focus.
Maintaining trust has never been more challenging. Cybersecurity threats have moved from attacks on individual institutions to attacks on the financial system at large. Also, financial institutions are transforming with new digital channels, automation and other advanced technologies, introducing real benefits along with new risks. In response, regulators are heavily focused on systemic cyber risk and the contagion across firms and third parties. Regulators also expect financial institutions to enhance privacy protections on behalf of customers, who demand their confidential information to be well protected across digitally accessible products and services.
A new approach to address cybersecurity is clearly needed. Viewing cyber risk as an information-technology issue simply falls short. What is called for is an integrated cybersecurity risk management strategy, involving resources and activities of the entire organization.
Our view is that cybersecurity starts with people. And a successful approach should be talent-centric that focuses on a cybersecurity-aware culture and includes training and awareness to be instilled in the organization.
Beyond awareness, everyone has an active role to play, including business executives, risk, compliance and audit professionals, operational teams, legal and others. Cybersecurity risk management is a team sport and is everyone’s responsibility, from the boardroom to the front line.
A successful cybersecurity risk management strategy should be:
- Strategic and innovative: Embedded in strategic decision-making and able to adapt to, and benefit from, transformative innovation
- Risk-managed and prioritized: Driven by well-governed risk alignment, risk awareness and risk prioritization throughout the enterprise
- Intelligent and agile: Able to deliver timely threat identification and response through strong situational awareness and threat intelligence
- Resilient and scalable: Minimize impact of disruptions, while keeping pace with business growth
Integrated cybersecurity risk management enables financial institutions to achieve positive business outcomes, including improved regulatory alignment, effective risk management, preservation of brand equity, and increased shareholder value. Such a strategy delivers and maintains trust in financial institutions and markets.
At EY, we understand the importance and complexities of cyber threats and information security in financial services. We connect the right people and knowledge to create teams that can keep clients ahead of market changes, through their insights, analysis and innovations.