The need for an integrated cybersecurity vision
Published October, 2017 | Digital and connectivity
At their core, all financial services are based on trust. To win and maintain the trust of customers, financial institutions have to demonstrate consistent dedication to preserving confidentiality, ensuring the availability of systems and services, and maintaining the integrity of data. As such, cyber attacks pose an unprecedented and existential threat to the sector.
Putting cybersecurity at the heart of business strategy will help the financial services sector maintain and even enhance the trust of consumers, regulators and the media. For a start, the C-suite can no longer assume that cybersecurity is solely the responsibility of the information security (IS) or information technology (IT) departments. Instead, financial services companies must make cybersecurity a core part of business strategy and culture. In doing so, they can enable the whole organization to understand the risks they face, embrace the innovation needed to counter those risks, and have the resilience to regroup and restore operations smoothly and efficiently in the wake of a cyber breach.
Companies need an integrated cybersecurity vision – one that brings together the various functions and dependencies with other parts of the organization, external key stakeholders and third-party suppliers. This is no easy task, but it is achievable if companies prioritize the following five areas:
1. Talent centricity
Build a culture that makes cybersecurity part of everyone’s job and create a chief information security officer (CISO) role that is fit for the purpose of your organization.
2. Strategy and innovation
Put cybersecurity at the heart of business strategy and ensure that new digital innovation includes cybersecurity at the outset.
3. Risk focus
Understand broad trends and new regulations that will impact how cyber risk governance needs to evolve. Implement a three-lines-of-defense (3LoD) approach with clearly defined roles and responsibilities to manage cyber risk effectively.
4. Intelligence and agility
Develop internal knowledge capabilities to use contemporary insights and information to assess the greatest cybersecurity threats. Deliver timely threat identification with a sharp focus on protecting the critical assets of the organization.
5. Resilience and scalability
Be prepared to recover rapidly from a cyber breach while holding your ecosystem to the same cybersecurity standards that you follow as an organization.
These five priorities will help financial services companies develop a cyber-secure and aware business culture that will protect the company, offer competitive advantage in the marketplace and help to solidify trust in the sector.
The pace of change in today’s increasingly digitized world has led to the convergence of different risk disciplines that complement each other to address clients’ needs and those of their customers, regulators and business partners. Figure 1 explains the interlocking elements that make this possible.