Visit our new website to find insights, case studies and more.
Visit our new website to find insights, case studies and more.
Visit our new website to find insights, case studies and more.
The better the question. The better the answer. The better the world works. У вас есть вопрос? У нас есть ответ. Решая сложные задачи бизнеса, мы улучшаем мир. У вас є запитання? У нас є відповідь. Вирішуючи складні завдання бізнесу, ми змінюємо світ на краще. Meilleure la question, meilleure la réponse. Pour un monde meilleur. 問題越好。答案越好。商業世界越美好。 问题越好。答案越好。商业世界越美好。



Maintaining trust in a global, interconnected, digital world

Trust is at the foundation of financial services. To win and maintain the trust of customers, financial institutions must demonstrate consistent dedication to preserving confidentiality, confirming the availability of systems and services, and maintaining the integrity of data. Regulators and all stakeholders who rely on functioning financial markets are demanding this focus.

Maintaining trust has never been more challenging. Cybersecurity threats have moved from attacks on individual institutions to attacks on the financial system at large. In response, regulators are heavily focused on systemic cyber risk and the contagion across firms and third parties. Regulators also expect financial institutions to enhance privacy protections on behalf of customers, who demand their confidential information be well protected across an expanding range of digitally accessible products and services. Financial institutions are transforming with new digital channels, automation and other advanced technologies, introducing real benefits along with new risks.

A new approach to addressing cybersecurity is clearly needed. Viewing cyber risk as an information-technology issue simply falls short. What is called for is an integrated cybersecurity risk management strategy which involves the resources and activities of the entire organization.

Our view is that cybersecurity starts with people – a successful approach has to be talent-centric. Cybersecurity is everyone’s responsibility, from the boardroom to the front line. Elevated awareness of cyber risks and training on how to address them are essential. Beyond awareness, everyone has a active role to play – including business executives, risk, compliance and audit professionals, operational teams, legal and others. Cybersecurity risk management is a team sport. A talent-centric approach depends on a cybersecurity-aware culture and includes training and awareness to be instilled throughout the organization.

A successful cybersecurity risk management strategy has to be:

  • Strategic and innovative: Embedded in strategic decision-making and able to adapt to, and benefit from, transformative innovation
  • Risk-managed and prioritized: Driven by well-governed risk alignment, risk awareness and risk prioritization throughout the enterprise
  • Intelligent and agile:  Able to deliver timely threat identification and response through strong situational awareness and threat intelligence
  • Resilient and scalable: Minimize impact of disruptions, while keeping pace with business growth

Integrated cybersecurity risk management enables financial institutions to achieve positive business outcomes, including improved regulatory alignment, more effective risk management, preservation of brand equity, and increased shareholder value. Such a strategy delivers and maintains trust in financial institutions and markets. Achieving those objectives has never been more important.


EY sees the opportunity

Our fully integrated and globally connected teams create a single, all-encompassing vision for managing cybersecurity risk. Seeing things from all angles means we put cybersecurity at the heart of our clients’ business strategy, to support innovation and help them gain a competitive edge in today’s digital world.

Latest insights

Loading topics...

Related content

May 2018

Cybersecurity: Risks to the financial services industry and its preparedness

March 2018

The New York State Cyber Rules: Year One and Beyond

March 2018

How to achieve readiness for GDPR compliance

30 January 2018

Europe's new data rules go much deeper than PCI — and many U.S. companies must comply

October 2017

Integrating cybersecurity into a firm’s innovation team is critical for digital transformation.

How to Optimize High-Value Asset Identification

Financial firms need an ongoing commitment to identifying and managing high value assets, which is critical to corporate agility, operations, resilience, and cyber defense.

Watch: Defending the next wave of cyberattacks

William Beer, EY Cybersecurity Principal, discusses trends and themes around recent cyberattacks, in this BBC interview.

16 May 2017

EY recommends six steps for organizations to protect themselves and reduce impact of ransomware attacks.

March 2017

Fighting back against cyber fraud

How do you become a disruptor before you become disrupted?

“EY is among the market leaders in Information Security Consulting Services who demonstrated tenacious client focus, deep technical expertise, wide breadth of services, and substantial global reach.” — The Forrester Wave

Contact us

Cybersecurity Leaders

At EY, we understand the importance and complexities of cyber threats and information security in financial services. It's how we connect the right people and knowledge, creating teams that can keep clients ahead of market changes, through our insights, analysis and innovations.

Cindy Doe
Cindy Doe
FS Cybersecurity Leader
United States
+1 617 375 4558
Steve Holt
Steve Holt
FS Cybersecurity Leader
United Kingdom
+44 20 7951 7874
Jeremy Pizzala
Jeremy Pizzala
Asia-Pacific and Global
FS Cybersecurity Leader
Hong Kong
+852 28469085
Bob Sydow
Bob Sydow
Americas Advisory
Cybersecurity Leader
United States
+1513 612 1591