Cybersecurity has become one of the top agenda points for every boardroom in the financial services industry, and we're starting to see the appointment of more chief risk officers, along with those appointed rising through the executive ranks.
Alongside this shift, cyber attacks are taking place on a daily basis, and most financial services organisations (if not all) will have been targeted at some point by malicious third parties anxious to gain access to customer or transaction data, sensitive financial information or confidential details on a specific institution’s strategy. We’ve seen a number of high-profile attacks targeting UK and European banking institutions, with recent reports stating that organisations in the financial sector face 300% more attacks than any other industry. It’s no surprise that the Bank of England’s latest Financial Stability Report also cited cyber-risk as an area of increasing concern, with increasingly frequent attacks causing disruption to the banking system, and that banking chief execs in the UK named cyber attacks second only to over-regulation as the biggest threat to their industry.
The response to this threat from UK and European banks has been really positive, and it is encouraging that many have put processes and tools in place to protect themselves and their customers. But there is much more that we can do as an industry to keep
ahead of the hackers. In particular, we are experiencing an intersection between cybersecurity and risk management – as the threat increases, our ability to map it and share it as an industry, through risk management policies and ‘white hat’ collaboration,
will be vital to protecting businesses and their customers.
The importance of standards
One area in particular that continues to cause difficulties in this field centres on standards and reporting, particularly around risk. There are specific challenges around data and the frequency with which this information is shared, and with which institutions.
For example, between the Bank of England, Financial Conduct Authority, European Central Bank and European Banking Authority, financial organisations face a multitude of reporting styles and data requirements. And it’s not a problem faced only within Europe,
but one which must be reviewed on a global scale.
Accelerating information sharing
From the organisations I’ve met with, the key to tackling the financial services cyber risk challenge will lie in speeding up key processes and information sharing, and agreeing a consistent structure for reporting attacks and breaches to all industry bodies.
This will not be an easy task, and will require more regulation and agreement globally, something which financial services organisations have so far found difficult to impose, even at a local level. Crucially, the industry must support those who are falling
behind with their ability to record and report risks to the industry, to ensure that everyone is able to collaborate and tackle the attacks cohesively. Through better knowledge and experience sharing whenever breaches occur, we will be able, as an industry,
to build a better picture of the threats, and begin to make serious headway in ensuring all of our customers - and their data - are protected.
The importance of collaboration
In order to move the industry forward, collaboration is key. This must be led by impartial authorities, but with information sharing across financial services organisations. Formalised processes and a strategic approach to incident response when a breach occurs will help to rapidly map the threat to other organisations. Introducing standards in this area could also reduce costs for financial services businesses. Technology vendors also have a role here, to support organisations on their journey to more structured data management and reporting processes.
It’s clear that the cyber threat to financial services organisations is one which isn’t going to fade in the near future, and that the chief risk officer faces a significant task in collaborating to combat the threat. To counter it effectively, it will be
crucial for financial sector businesses, industry bodies, suppliers and consultants to work together and put in place standards and information sharing policies so we can better protect our industry.