With another major cyber breach hitting the headlines, it is a sobering reminder of the importance of sound cyber security. Financial regulators have flagged cyber-crime as a growing concern for financial services and are increasingly active in the industry. For example, the Bank of England now plans to hold a war game next week to test the sector’s defences against attack. The SEC has also charged 32 individuals with fraud for allegedly hacking into newswire services to obtain financial information, as well as another 30 defendants who allegedly traded on that information, generating more than $100m in illegal profits.
Across the industry the risk of cyber-attack is growing exponentially as the opportunities presented by improved technology and systems connectivity continue to grow. Breaches in the confidentiality, integrity or availability of customer data are significant, but the loss of customer or stakeholder trust in their service can be terminal.
Securing digital channels is a complex exercise, and one that draws on a range of governance, risk and assurance capabilities as well as in-depth technical and cyber security skills. Those that best control this risk:
- Balance opportunity and risk (throughout the organisation) – They make sure everyone understands the opportunity offered and the threat posed by digital and information technologies. This understanding starts at the Board of directors and covers all employees, contractors and third parties.
- Integrate risk management – They actively manage the cyber security risk as a part of their enterprise risk management framework. They have a clear and continually improving architecture to make sure dynamic service development are built consistently with the risk appetite.
- Assume they have been hacked - They build technology that can not only defend against potential threats in depth, but that is resilient to breaches and that can detect and alert when an incident is taking place.
- Control the risk intelligently – They recognise that everyone’s risk is different, and that blending control, insurance, outsourcing and expert advice can effectively manage this risk better than simply using technology.
- Monitor and report – They understand what information is needed at each level to monitor the success of their security programme and to identify areas for improvement.
Clients have found our free cyber risks consultation sessions extremely useful. Over a couple of hours, we run a scenario exercise based on real-life cases to help identify the problems your business faces. For further information or to enquire into a cyber risks consultation, please contact Steve Williams.