The survey reveals that “only 6% of financial services companies say their information security function currently meets their organization’s needs, but 65% plan to make the required improvements.” In one sense, these results are shocking. But, if you reflect on all the shocks in the system, the continued pace of new cyberattacks, and increased risk to a firm’s brand (loss of data, a breach or reputation), the figures are not surprising. Do financial services firms truly think their security team is best in class in protecting their organization? Most would say no. And for those that have a cyber risk program, the pace of improvement needs to increase.
Organizations in this sector are most anxious about the immaturity of their information security processes in the areas of architecture (cited as non-existent or very immature by 18%), metrics and reporting (18%) and asset management (17%), based on survey results. There is a concern that cyber expertise is not as involved as it should be in the ongoing transformation. Most organizations are on a digital transformation journey and are talking about adding artificial intelligence (AI), robotics and more valuable customer data into their operational models. However, cyber data, metrics and reporting should be embedded in the system from the outset to achieve agile transformational change – which is clearly not the case right now. If you build the right systems and security level into the design phase, it is easier to address gaps and flaws in the lifecycle.
Readiness requires a level of education from the top. Yet, there is an ongoing concern about the lack of talent in this area. In fact, 31% of survey participants warn that skill shortages are a potential stumbling block. Employees can also be a major threat to an organization. Certain cybersecurity functions can be automated through the use of robotics and AI, reducing risks and often improving efficiency. Innovation presents one of the biggest opportunities for the industry, and technology can help accelerate the level of organizational change. A high degree of trust in business correlates to the critical role of leading change.