How financial services organizations can manage cyber risk

Today’s new cyber threats pose serious questions about an organization’s preparedness. See five areas financial institutions can take now.

Today’s cyberattacks are becoming more numerous, more frequent and existentially more threatening than ever before. The new generation of attackers are no longer always motivated simply by stealing funds and holding companies’ information hostage. Instead, their aim can be to infiltrate and manipulate not just an individual company but the entire ecosystem to which it belongs.

Cyber risks are heightened as financial institutions transform their operations via new digital channels, automation and other advanced technologies. This is in addition to open banking beginning to reshape the sector’s approach to data sharing. Financial services companies continue to devote significant investments in securing gaps in their internal, online and digital frameworks, as those who want to exploit the weaknesses are getting smarter, bolder and more destructive.

In response, regulators are heavily focused on managing systemic cyber risk and potential contagion across organizations and third parties. The new cyber threats pose serious questions about organizations’ preparedness to rebound from a breach. Contemporary cybersecurity extends beyond protecting sensitive information and systems from malicious external attack, into guarding identities, data privacy and vulnerability management on a vast scale.

Putting cybersecurity at the heart of business strategy will help the financial services sector maintain and even enhance the trust of consumers, regulators and the media. For a start, the C-suite can no longer assume that cybersecurity is solely the responsibility of the information security (IS) or information technology (IT) departments. Instead, financial services companies must make cybersecurity a core part of business strategy and culture.

In doing so, they can enable the whole organization to understand the risks they face, embrace the innovation needed to counter those risks, and have the resilience to regroup and restore operations smoothly and efficiently in the wake of a cyber breach. Companies need an integrated cybersecurity vision — one that brings together the various functions and dependencies with other parts of the organization, external key stakeholders and third-party suppliers.

This is no easy task but is achievable if companies prioritize the following five areas:

1. Talent centricity

Build a culture that makes cybersecurity part of everyone’s job and create a chief information security officer (CISO) role that is fit for the purpose of your organization.

2. Strategy and innovation

Put cybersecurity at the heart of business strategy and ensure that new digital innovation includes cybersecurity at the outset.

3. Risk focus

Understand broad trends and new regulations that will impact how cyber risk governance needs to evolve. Implement a three-lines-of-defense (3LoD) approach with clearly defined roles and responsibilities to manage cyber risk effectively.

4. Intelligence and agility

Develop internal knowledge capabilities to use contemporary insights and information to assess the greatest cybersecurity threats. Deliver timely threat identification with a sharp focus on protecting the critical assets of the organization.

5. Resilience and scalability

Be prepared to recover rapidly from a cyber breach while holding your ecosystem to the same cybersecurity standards that you follow as an organization.

These five priorities will help financial services companies develop a cyber-secure and aware business culture that will protect the company, offer competitive advantage in the marketplace and help to solidify trust in the sector.