
CYBER RISK AND RESILIENCE


Tackling cyber risk by integrating operational risk and cyber security

When banks and financial institutions pair IT and risk functions, they build strong cyber risk resilience

Overview

An integrated approach can help manage increasing cyber risk

The goal: resilience and protection

Cybercriminal gang steals $1 billion

  • In a two-year period, $1 billion was siphoned, unnoticed, from financial firms around the world.1

$7.7 million to manage cyber risk

  • According to recent calculations, the mean annualized cost of managing cyber risk for every company is $7.7 million.2


A financial firm’s frequent response is to build a top-down approach for managing cyber security. Maybe it’s time for a new cyber risk management starting point—one focused on cooperation.

DOWNLOAD REPORT: THE CONVERGENCE OF OPERATIONAL RISK AND CYBER SECURITY [PDF]

OPERATIONAL RISK + CYBER SECURITY

As the number and complexity of cyber attacks rise, financial institutions’ profitable existence is threatened. These industry trends point to building a partnership between operational risk and cyber security to manage cyber risk effectively:

  • A coordinated response can mitigate reputational damage and reduce regulatory fines.

  • Senior leadership is catching on: They are realizing solutions stretch past technology, reaching into the people and process layer.

  • Institutions already are consolidating their silo-based risk management, due to poor cost-to-income ratios.

"Getting IT systems rebooted is only half of the solution. Converging with operational risk is the other half."

Keeping ahead of cyber threats

To help financial firms respond to increasing cyber threats, Accenture and Chartis Research have identified four keys to alignment:

Governance and ownership:
Establishing clear lines of responsibility from the board level downward

Taxonomies and methods:
Creating a common language to bridge the gap between the chief technology officer and the chief risk officer

Skills and capabilities:
Nurturing capabilities and competencies across operational risk and cyber security to develop a unified response

Technology and data:
Tapping technology, data and analytics to deliver a strong attack response

A successful security framework

Integrating fraud, IT, cyber security and operational risk may not be a simple endeavor. It could mean defining—and redefining—governance, skills, taxonomies and technology to meet a common definition, language and approach to help operational and cyber risk converge.

An important first step is recognizing cyber security as a risk, complete with risk-based probabilities and impacts. Managing cyber risk in a convergent manner can bring both protection and resilience.



Source:

1. “The Great Bank Robbery: Carbanak cybergang steals $1bn from 100 financial institutions worldwide,” Kaspersky Lab, Virus News, February 16, 2015. Access at: http://www.kaspersky.com/about/news/virus/2015/Carbanak-cybergang-steals-1-bn-USD-from-100-financial-institutions-worldwide

2. “Forewarned is Forearmed, 2015 Cost of Cyber Crime Study: Global,” Ponemon Institute, October 2015. Access at: http://www8.hp.com/uk/en/software-solutions/ponemon-cyber-security-report/index.html