Why cybersecurity is everyone’s responsibility in today’s financial services organization
Published October, 2017 | Digital and connectivity
Today’s cyber attacks are more numerous, more frequent and existentially more threatening than ever before, as evidenced by the recent global ransomware attack.
As financial services companies work to plug the gaps in their internal, online and digital frameworks, those who want to exploit the weaknesses are getting smarter, bolder and more destructive in their attacks. The number of incidents is expected to increase.
The new cyber threats pose serious questions about the resilience of all organizations to rebound from a breach – less than 14% of financial services respondents to EY’s latest Global Information Security Survey think that their information security function fully meets their organizational needs.
For confidence to grow, cybersecurity must become every employee’s responsibility as it extends across an organization’s customer, supplier and vendor ecosystem. In today’s cyber world, security involves protecting sensitive information and systems from malicious external attacks, as well as guarding identities, data privacy and vulnerability management.
A new approach to addressing cybersecurity is clearly needed. What is called for is an integrated cybersecurity risk management strategy that involves the resources and activities of the entire organization.
10 things to do right now
Putting into place a holistic business-driven approach to combating cyber attacks might feel overwhelming when your organization is already facing disruption on many different fronts. Nevertheless, cybersecurity has to be a core business priority and it has to be everybody’s concern in the modern financial services organization. Here are 10 things you can do right now to make that happen:
- Integrate cybersecurity into the talent strategy and create a Chief Information Security Officer (CISO) role that is fit for the purpose of your organization.
- Clearly define cybersecurity responsibilities in your organization.
- Put cybersecurity at the forefront of business strategy. It can’t be viewed purely as IT’s problem.
- Ensure that cybersecurity is at the heart of digital innovation and helps rather than hinders innovation.
- Understand how regulation impacts your global business and work with the regulators, as they also want a strong financial services sector.
- Risk-rate all your key assets and determine a protection approach for each one, with a focus on the “crown jewels.”
- Develop a dynamic and nimble cybersecurity risk management model to enable your organization to scale if there is an escalation of external risk, or a decision to change the organization’s risk appetite. That way you can calibrate changes in how you enforce security requirements with your vendors and partners.
- Integrate compliance into cybersecurity strategy. That way, any money invested in compliance will return value to the business by providing proper defense for the organization.
- Strengthen resilience by having a clear crisis action and communication plan for when things do go wrong. Crisis and continuity management has to be thought through and practiced from board level on down, before something goes wrong, so that all people involved clearly understand their role in an incident.
- Collaborate with your peers. Today’s cyber risks threaten the entire financial system. We need to see more intra-sector solutions, as the failure of one key player could damage the reputation of an entire industry.
The future for the financial services sector will clearly be defined by the digital agenda with an increased reliance on technology and connectivity. That will deliver many benefits for financial services companies and their customers but it will also present many cyber risks and, by doing so, threaten one of the core foundations of financial services – trust.
To win and maintain the trust of customers who expect their confidential information to be well protected, even as they demand an expanding range of digitally accessible products and services, companies will have to show their determination to preserve privacy, be available any time and any place and maintain the integrity of data. That involves understanding how cyber risks are evolving, keeping ahead of new regulation, embedding the right cybersecurity strategy and culture within the company, working closely with partners and vendors to secure the entire ecosystem and, crucially, identifying the crown jewels that must not be breached.
The companies that achieve these goals and prove to be reliable and trustworthy guardians of data will not only be the ones that customers trust. They will have succeeded in making cybersecurity a market differentiator that will offer stability in a disruptive age and help win more business. Those that cut corners and fail to combat cyber risk will lose trust and customers.