Blog article

Strategies for CISOs Working in Financial Services to Safeguard Precious Data

As our reliance on interconnected systems grows, so does the vulnerability of Britain’s financial sector to cyber attacks. Malicious actors exploit weaknesses in the networks, software, and hardware of financial services organisations, targeting sensitive data, critical infrastructure, and personal privacy. In this ever-evolving digital era, it becomes increasingly critical for chief information security officers (CISOs) working at the heart of the finance sector to address and mitigate these cyber security risks to ensure effective data protection and cyber resiliency. 

A recent report from the National Cyber Security Centre predicted that the number of “hackers for hire” is set to grow over the next five years. This illustrates the increasingly high-level threat cyber crime poses to the UK’s economic and social growth, and it is vital to ensure that financial services institutions can recover and run smoothly for Britain’s economic benefit.

Furthermore, according to a government report from 2022, 77% of businesses now see cyber security as a high priority, an increase of 12% since 2016. The data points to an indisputable need for readiness at the helm, to deliver a robust security posture as cyber attacks, such as ransomware, continue to evolve and grow. The UK government has stated that it will support those companies which work to improve their cyber resilience by increasingly working with market influencers (procurers, financial institutions, investors, auditors and insurers) to incentivise good cyber security practices across the economy.

Protecting the UK’s money and data

The UK government is keenly aware of the scale of looming cyber threats and has already taken steps to clarify and refine UK data protection legislation post-Brexit by reducing EU red tape and introducing the UK Data Protection and Digital Information Bill in March of this year.

Removing red tape should slim down the data protection process for financial services firms with UK-only operations. However, catching up in the race against perpetrators already taking advantage of holes in the network is still a very real challenge.

The answer lies in the mindset decision-makers adopt towards improving the cyber security standards within financial institutions. Where a CISO sits in the organisation, and whether they are adequately resourced, are both statements on how competently an organisation is identifying and managing cyber risk. Many organisations in the financial services sector are aware of this but there is still progress to be made.

Reinforcing the defence capabilities

CISOs are best placed to provide strategic-level guidance for their organisation’s cyber security programme to maintain compliance with policies, standards, regulations, and legislation. However, a hurdle many organisations encounter is hiring senior executives to provide cyber risk management advice, and then failing to adequately support the CISO role.

Cyber risk is not a problem to be fixed, but a condition to be managed. Financial institutions cannot afford to repeat the mistake of dismissing cyber risk management as purely an IT challenge and instead need to see it as an area of ongoing innovation for the whole organisation.

The key words in the CISO’s title are ‘information security’, but unfortunately, CISOs are generally not responsible for data backup and recovery. To create and maintain holistic cyber protection, CISOs need the same powers as COOs to move throughout an organisation, allowing them full visibility of how data is moved and stored.

Security leaders need to be able to answer key questions such as:

- Do we know where all of our personally identifiable information is located?
- Do we know who has access to it?
- Do we have adequate strategies in place to manage it?
- Do we know when someone is accessing it, and who shouldn’t be accessing it?

CISOs should be given the authority to establish a clear ransomware recovery position and to oversee and maintain an effective data backup infrastructure, while anticipating and understanding emerging cyber security threats. They should also take responsibility for checking that the firm and its employees are well educated and trained in best-practice cyber security. Implementing such objectives will tighten access to and defence of data and create cyber resiliency.

The UK government has often emphasised the significant danger posed by cyber attacks to the stability of the country’s economy and society. It is critical for Britain’s cyber security leaders within the financial services to be equipped with the right tools to address the increasing and evolving risk.

In the current challenging multicloud environment, granting CISOs clear visibility into the internal data flow of their organisation can facilitate the identification of areas to enhance data protection, security infrastructure, and protocols. This enables them to anticipate threats and implement safeguarding measures to ensure operational resilience so business can continue as usual.
