Effective cyber risk management is emerging as an imperative for wealth management firms. But the best prevention efforts often involve many functions within an organization—because cyber hackers are attacking through many openings, often within the same “hack.”
A joint Accenture and Chartis Research report finds combining functions can help yield good results. Bringing together cyber security specialists from IT and operational risk professionals can make a significant difference—but only if certain hurdles are addressed.
Our report identifies several conflicting definitions of cyber security, based on examples from financial institutions. These definitions include:
Protecting against services or applications in cyberspace that are being leveraged for—or actually are—the crime. This definition misses physical network attacks, such as black boxes.
Detection, prevention and recovery from malicious or deliberate damage, bypass or removal of IT controls. Here, the definition is too narrow and does not address who holds responsibility for a cross-functional attack.
Technologies, processes and tactics to protect networks, computers, programs and data from attack. This definition is a little too soft, a little too vague. It comes uncomfortably close to matching the definition for IT security.
An attempt to subvert information risk controls of a bank for a perpetrator’s agenda. Is this a technical or non-technical breach? The definition does not specify.
The Accenture/Chartis research takes the Basel Committee’s definition of operational risk as its starting point: “The risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems, or from external events.”