2 minute read 1 Dec 2017

How financial services organizations can manage cyber risk

By

Jeremy Pizzala

EY Global Financial Services Office Cyber Leader and Hong Kong FSO Advisory Leader

Cybersecurity leader in financial services. I’ve lived and worked in Hong Kong, London and Sydney, among other places. I enjoy sports, especially swimming.

Related topics Advisory Cybersecurity Risk

Today’s new cyber threats pose serious questions about an organization’s preparedness. See five areas where financial institutions can take action now.

Today’s cyberattacks are becoming more numerous, more frequent and existentially more threatening than ever before. The new generation of attackers is no longer always motivated simply by stealing funds and holding companies’ information hostage. Instead, their aim can be to infiltrate and manipulate not just an individual company but the entire ecosystem to which it belongs.

Cyber risks are heightened as financial institutions transform their operations via new digital channels, automation and other advanced technologies. This is in addition to open banking beginning to reshape the sector’s approach to data sharing. Financial services companies continue to devote significant investment to securing gaps in their internal, online and digital frameworks, as those who want to exploit the weaknesses are getting smarter, bolder and more destructive.

In response, regulators are heavily focused on managing systemic cyber risk and potential contagion across organizations and third parties. The new cyber threats pose serious questions about organizations’ preparedness to rebound from a breach. Contemporary cybersecurity extends beyond protecting sensitive information and systems from malicious external attack, into guarding identities, data privacy and vulnerability management on a vast scale.

Putting cybersecurity at the heart of business strategy will help the financial services sector maintain and even enhance the trust of consumers, regulators and the media. For a start, the C-suite can no longer assume that cybersecurity is solely the responsibility of the information security (IS) or information technology (IT) departments. Instead, financial services companies must make cybersecurity a core part of business strategy and culture.

In doing so, they can enable the whole organization to understand the risks they face, embrace the innovation needed to counter those risks, and have the resilience to regroup and restore operations smoothly and efficiently in the wake of a cyber breach. Companies need an integrated cybersecurity vision — one that brings together the various functions and dependencies with other parts of the organization, external key stakeholders and third-party suppliers.

This is no easy task but is achievable if companies prioritize the following five areas:

1. Talent centricity

Build a culture that makes cybersecurity part of everyone’s job and create a chief information security officer (CISO) role that is fit for the purpose of your organization.

2. Strategy and innovation

Put cybersecurity at the heart of business strategy and ensure that new digital innovation includes cybersecurity at the outset.

3. Risk focus

Understand broad trends and new regulations that will impact how cyber risk governance needs to evolve. Implement a three-lines-of-defense (3LoD) approach with clearly defined roles and responsibilities to manage cyber risk effectively.

4. Intelligence and agility

Develop internal knowledge capabilities to use contemporary insights and information to assess the greatest cybersecurity threats. Deliver timely threat identification with a sharp focus on protecting the critical assets of the organization.

5. Resilience and scalability

Be prepared to recover rapidly from a cyber breach while holding your ecosystem to the same cybersecurity standards that you follow as an organization.

These five priorities will help financial services companies develop a cyber-secure and aware business culture that will protect the company, offer competitive advantage in the marketplace and help to solidify trust in the sector.


Summary

Financial institutions need to rethink their cyber risk management strategy — taking into consideration the heightened risk landscape, emerging technologies and associated business approaches. We examine five areas with action steps that financial institutions can take to develop a cyber-ready and aware business culture.
