8 minute read 13 Jun 2023
Fiber optics carrying computer virus attacking binary code

Building Resilience: Safeguarding Financial Institutions from Modern Cyber Threats

By Marc Minar

Director, Cybersecurity in Financial Services | EY Switzerland

Member of the Swiss Cybersecurity Leadership Team in EY's EMEIA Financial Services Consulting practice. Licensed pilot and passionate golf player.

8 minute read 13 Jun 2023

Proactive cyber risk management is crucial for modern financial institutions to help quickly respond to threats and disruptions.

In brief

  • Cyber risk and resilience management is decisive for organizations to proactively mitigate cyber threats and recover from disruptions to business operations.
  • Extensive cyber-focused Business Continuity Management (BCM) includes risk assessment, incident response planning, and continuous improvement.
  • Building a resilient organization helps to recover from cyber attacks quickly and effectively, preventing a long-term impact on the Business.

In today’s ever-evolving digital landscape, the emergence of cyber risks has placed tremendous pressure on organizations to manage potential incidents effectively. A poorly managed incident can have severe and long-lasting impacts on a business, including financial losses, reputational damages and even legal consequences. Moreover, the severity of disruptions due to cyber incidents in financial institutions makes these organizations prime targets for cyber attackers.

Against this background, it is vital for financial institutions to have a robust BCM in place to proactively identify and mitigate risks, as well as provide an effective response to cyber incidents. In this article, we'll explore the key components of a successful incident response plan and cover the importance of enhancing the overall BCM in the context of emerging cyber threats.

Key terms used in this article

  • Resilience

    Resilience is the general organizational capability to sense, resist and respond to disruptive events by adapting and reshaping operations in environments where there are both foreseeable and unforeseeable risks. 

  • Cyber resilience

    Cyber resilience aims to defend against potential cyber attacks while ensuring business continuity. It brings together aspects from various specialized domains, including risk management, technology best practices and coordination of the roles across all relevant departments.

  • Crown jewels

    The “crown jewels” are the most valuable and critical assets of an organization. These can include sensitive data, intellectual property, and other resources that are essential to the organization’s operations and success. If the crown jewels are compromised or lost, this could have a significant negative impact on the organization’s reputation, financial stability or competitive advantage.

With the key terms established, let’s dive into the topic of BCM in the context of cyber risk. To do so, we focus on three important questions:

  • How does BCM help you prepare for and address potential cyber attacks?
  • How do you ensure your cyber resilience plans are aligned to the most recent cyber risks?
  • How do you guarantee the effectiveness of your incident response plans and processes?
(Chapter breaker)


Business Continuity Management for cyber attacks

How does BCM help you prepare for and address potential cyber attacks?

Managing cyber risk and resilience should be a continuous process enabling an organization to react quickly to an attack and limit its impact. Establishing a computer security incident response team (CSIRT) supports efficient crisis management. The CSIRT coordinates response activities and processes – including across all relevant departments within the organization – to deal with intrusion detections. The performance, speed and efficiency of a CSIRT relies on the resources available, which should ideally include:

  • Organizational setup: A framework of policies, standards and procedures should be established to guide the decision-making processes and resource allocations in line with the business objectives defined by leadership.
  • The human factor: Assigning qualified staff to the right roles and ensuring that everyone understands their roles and responsibilities is central to the cooperation needed in case of cyber disruption.
  • Effective tools: Suitable technological solutions and infrastructure enable people to focus on the most important parts of their work and be as effective as possible. For example, a tailored security information and event management (SIEM) system can collect and analyze data from various sources to identify potential security incidents. This reduces the need for manual monitoring and improves the effectiveness of detection and analysis during an attack, and also enhances forensics and evidence gathering.

Continuous monitoring of an organization to detect vulnerabilities and cyber attacks allows the incident response plan to be triggered in case of an attack, which is an important aspect of BCM. There are also various regulatory requirements governing cyber risk and resilience management: the FINMA Circular 23/1 “Operational risks and resilience” (specific to banks in Switzerland) and two European regulations, namely the Digital Operational Resilience Act (DORA) and the Network and Information Security Directive (NIS2), which apply to financial institutions based in the European Union. These regulations require that financial institutions identify threats, implement protective measures, monitor for cyber attacks, develop response procedures and ensure prompt recovery of business operations.

(Chapter breaker)


Adapting cyber resilience to the latest risks

How do you ensure your cyber resilience plans are aligned to the most recent cyber risks?

Lessons learned and improvements made following incidents – as discussed in the previous section – are especially important to avoid being overwhelmed twice by similar incidents or vulnerabilities. But organizations like financial institutions shouldn’t only rely on past experience. Cyber criminals often attack organizations that are similar to one another, using techniques they have learned from previous events. It is therefore crucial to be able to prevent the most common attacks, especially those occurring against direct peers or competitors.

Considering this fact, organizations should not simply maintain a reactive state but preferably be proactive to mitigate the most recent cyber risks before even being targeted. This can involve staying up to date on the latest cyber threats, vulnerabilities and attack techniques as well as implementing appropriate security controls and measures to mitigate the corresponding risks.

Additionally, it is important to have a well-trained and informed workforce that understands the importance of cybersecurity and can help mitigate risks through safe cyber practices. This can be achieved by training employees on best practices for securing data and systems and conducting organization-wide cyber awareness campaigns. More generally, leaders should promote a culture of security awareness throughout the organization.

Overall, being proactive in addressing the most recent cyber threats involves a combination of staying alert, implementing best practices and training employees on safe cyber practices. This should always be accompanied by regular assessment and testing of the security measures in place.

(Chapter breaker)


Effective incident response

How do you guarantee the effectiveness of your incident response plans and processes?

Performing cyber incident simulations (CIS) is essential to ensure that incident response plans and processes are effective. In general, a CIS conducted as a tabletop exercise or real-case simulation. While tabletop exercises involve walking through a hypothetical scenario and discussing how the organization would respond, simulations include running a mock attack to test the organization’s response capabilities.

It is important to identify any gaps or weaknesses in the incident response plan during testing in order to make necessary adjustments. Testing can also help identify areas where employees need additional training or resources to effectively respond to cyber incidents. For example, it might be helpful to define in more detail the roles and responsibilities of different team members in responding to an incident to ensure that everyone knows what they are responsible for and what actions they need to take. As communication is critical during a cyber incident, the incident response plan should include procedures for communicating with different stakeholders, such as customers, business partners and regulators.

In addition to testing the incident response plan, organizations need ways to evaluate its effectiveness. Measures of performance might include the number of incidents detected and resolved, their respective costs in terms of damages and business interruptions, as well as the duration between identifying and addressing an incident. These metrics can be used to assess the effectiveness of the incident response plan. Furthermore, detailed analysis can help identify trends and patterns in incidents and highlight areas where improvements can be made.

Generally, organizations should regularly review and update their incident response plans and processes based on the results of CISs and the corresponding metrics and reports, as well of experience of new cyber attacks. This ensures that they remain relevant and effective in an environment of constantly evolving cyber threats.

In the current digital environment, cyber risks are a major concern for financial institutions due to their potential for severe disruption. Hence, it is crucial to have a robust cyber resilience strategy in place, including a well-designed and regularly tested incident response plan. Compliant and effective cyber-oriented BCM should focus on identifying and mitigating risks, developing response procedures, and ensuring prompt recovery of business operations. Additionally, the BCM should be evaluated and improved continuously to consider the latest incidents and emerging threats in the cybersecurity landscape.


By adopting a comprehensive cyber resilience strategy, organizations can adopt a sound risk management approach to address potential cyber incidents. This enables them to be proactive against cyber threats, while maintaining their core business activities.


We kindly thank Anthony Kieffer for his valuable contribution to this article.

About this article

By Marc Minar

Director, Cybersecurity in Financial Services | EY Switzerland

Member of the Swiss Cybersecurity Leadership Team in EY's EMEIA Financial Services Consulting practice. Licensed pilot and passionate golf player.