Maintaining trust in a global, interconnected, digital world
Trust is at the foundation of financial services. To win and maintain the trust of customers, financial institutions must demonstrate consistent dedication to preserving confidentiality, confirming the availability of systems and services, and maintaining the integrity of data. Regulators and all stakeholders who rely on functioning financial markets are demanding this focus.
Maintaining trust has never been more challenging. Cybersecurity threats have moved from attacks on individual institutions to attacks on the financial system at large. In response, regulators are heavily focused on systemic cyber risk and the contagion across firms and third parties. Regulators also expect financial institutions to enhance privacy protections on behalf of customers, who demand their confidential information be well protected across an expanding range of digitally accessible products and services. Financial institutions are transforming with new digital channels, automation and other advanced technologies, introducing real benefits along with new risks.
A new approach to addressing cybersecurity is clearly needed. Viewing cyber risk as an information-technology issue simply falls short. What is called for is an integrated cybersecurity risk management strategy which involves the resources and activities of the entire organization.
Our view is that cybersecurity starts with people – a successful approach has to be talent-centric. Cybersecurity is everyone’s responsibility, from the boardroom to the front line. Elevated awareness of cyber risks and training on how to address them are essential. Beyond awareness, everyone has a active role to play – including business executives, risk, compliance and audit professionals, operational teams, legal and others. Cybersecurity risk management is a team sport. A talent-centric approach depends on a cybersecurity-aware culture and includes training and awareness to be instilled throughout the organization.
A successful cybersecurity risk management strategy has to be:
- Strategic and innovative: Embedded in strategic decision-making and able to adapt to, and benefit from, transformative innovation
- Risk-managed and prioritized: Driven by well-governed risk alignment, risk awareness and risk prioritization throughout the enterprise
- Intelligent and agile: Able to deliver timely threat identification and response through strong situational awareness and threat intelligence
- Resilient and scalable: Minimize impact of disruptions, while keeping pace with business growth
Integrated cybersecurity risk management enables financial institutions to achieve positive business outcomes, including improved regulatory alignment, more effective risk management, preservation of brand equity, and increased shareholder value. Such a strategy delivers and maintains trust in financial institutions and markets. Achieving those objectives has never been more important.
EY sees the opportunity
Our fully integrated and globally connected teams create a single, all-encompassing vision for managing cybersecurity risk. Seeing things from all angles means we put cybersecurity at the heart of our clients’ business strategy, to support innovation and help them gain a competitive edge in today’s digital world.
Cybersecurity: Risks to the financial services industry and its preparedness
The New York State Cyber Rules: Year One and Beyond
How to achieve readiness for GDPR compliance
Europe's new data rules go much deeper than PCI — and many U.S. companies must comply
Integrating cybersecurity into a firm’s innovation team is critical for digital transformation.
Financial firms need an ongoing commitment to identifying and managing high value assets, which is critical to corporate agility, operations, resilience, and cyber defense.
William Beer, EY Cybersecurity Principal, discusses trends and themes around recent cyberattacks, in this BBC interview.
EY recommends six steps for organizations to protect themselves and reduce impact of ransomware attacks.
Fighting back against cyber fraud
How do you become a disruptor before you become disrupted?
“EY is among the market leaders in Information Security Consulting Services who demonstrated tenacious client focus, deep technical expertise, wide breadth of services, and substantial global reach.” — The Forrester Wave
Replay: How can you turn digital risk into a source of competitive advantage?
Today’s business leaders must not only evaluate business risks on their potential impact and likelihood of occurrence, but also on their velocity.
21 June 2018
Perspectives from the EY Cybersecurity Board Summit
On June 11–12, 2018, more than 30 board members and panelists met in Dallas for the EY Cybersecurity Board Summit. The event featured deep-dive discussions on cybersecurity risk and oversight.
Why cybersecurity is everyone’s responsibility
This webinar discusses the global cybersecurity landscape, as well as the threats and opportunities cybersecurity is presenting for financial services organizations.
Important considerations for responding to ransom attacks
This webcast series offers valuable insights on the fast-changing landscape of regulation and litigation that affect businesses.
At EY, we understand the importance and complexities of cyber threats and information security in financial services. It's how we connect the right people and knowledge, creating teams that can keep clients ahead of market changes, through our insights, analysis and innovations.