If your firm is subject to an attack or data breach – and lacks a clear view of the risks – how prepared will it be?
If you step back, cyber risk is large and growing – and not going away. If your firm is subject to an attack or data breach – and lacks a clear view of the risks – how prepared will it be? What are the consequences of reputational risk and loss of trust in your organization? Time and again we see that when organizations suffer a breach, they are not well rehearsed. Simulations and exercises are a powerful means of responding to stress. When an incident is mentioned in the media, you think there should have been a different approach to the response.
Technology is changing the shape of banking, leaving banks more exposed. We see a number of firms ultimately establishing “Greenfield” banks to support their bricks and mortar. As cybersecurity grows, embedding these into the change will be critical. Yet, many times we hear: “cyber security will slow us down. We haven’t got time to wait for it. We need the results now.” That’s a concern.
Think about the ecosystem, not just the servers
One area not highlighted in the survey is the ecosystem. The supply chain within financial services is very complex, presenting risks for those firms that rely on outsourcing. There is increasing evidence that attackers are targeting third parties at the weak end of that ecosystem by accessing data as entry to the financial services industry. It’s important for firms to have a good handle on where their customer data resides if they are to secure the ecosystem supply chain.
On a global level, protecting customer privacy and personal data is part of cyber and will not change. Organizations need to think about how they are using data – not just about how to protect it with the law, but the ethical aspect as well. Yes, you want value and need to be regulatory compliant, but are you doing it the right way?
In the next 12 months, financial services firms need to be prepared, developing sustainable strategies, while keeping data secure at all costs and sharing it externally with trusted partners. The challenge will be to protect their enterprise, optimize cybersecurity, and accelerate the pace of growth.
By Steve Holt, EY Partner, EMEIA Financial Services
Where there is risk, there is also reward – and doing nothing presents the greatest risk. Those companies with robust cyber platforms are enabled to grow and build the long-term trust which we believe will be a critical competitive advantage in the future.