Skip to main content Skip to Footer

TOP 10 CHALLENGES FOR INVESTMENT BANKS 2016


Cyber Security:
Confronting the threat

Challenge 09

Introduction

By the very nature of their business, investment banks possess vast quantities of highly sensitive information.

When such information is compromised—whether by determined cyber criminals or individuals within the organization by accident—the consequences, in terms of reputational damage and monetary losses, could be significant.

Traditionally, investment banks have always been highly aware of the importance of safeguarding customer and transaction data and have taken all the steps deemed necessary to do so. In the current environment, however—with organized cyber criminals running industrialized hacking operations and freely selling and/or sharing information about institutional vulnerabilities—investment banks may be dealing with forces that cannot be addressed exclusively by internal resources.

DOWNLOAD FULL CHALLENGE [PDF, 413 KB]

CYBER THREAT AWARENESS
AND PREPAREDNESS


ACTIVE TESTING

9%

Proactively run inward-directed attacks and intentional failures to test their systems on a regular basis

LIKELIHOOD OF ATTACK

67%

Believe the likelihood of an attack is “very” or “extremely” high

PRIVACY BREACHES

68%

Believe there is a high likelihood of privacy breaches of personal data

Source: Accenture Research

RESULTS FROM ACCENTURE’S 2015 GLOBAL RISK MANAGEMENT STUDY



APPLY “BIG-PICTURE” PRINCIPLES TO CYBER SECURITY



A PERVASIVE CONCERN

In this environment, cyber security becomes not only a major challenge for investment banks, but also a key responsibility of their boards of directors and senior management teams. Boards and management need to consider:

ADDRESSING STRUCTURAL ISSUES

For investment banks, effective cyber security begins at the top with the board of directors and senior management. Firms need a structure that recognizes the business issues connected to cyber security, while providing the expertise needed to deal with specific and ever-changing threats. Security models and tools are proliferating, creating complexity and potentially compromising security, so an integrated approach is needed to make the best use of new solutions.

A 2015 study conducted by Accenture and Ponemon Group found that firms that displayed leadership in cyber security shared certain characteristics, including immediate reporting of security incidents to the CEO and board of directors, clear definition of responsibility and authority pertaining to security, and effective communication of security requirements to all employees.1 At leading companies, the CISO is more likely to report directly to a senior executive, set the security mission by defining strategy and initiatives, and have a direct channel to the CEO in the event of a serious security incident. They also provide sufficient resources for cyber security teams to deal with existing threats, while researching and preparing for new types of attacks.

SECURING THE EDGE

New technologies—particularly those in the area of mobile communications—are opening new horizons for investment banks and their clients. Transactions are no longer limited to landline telephones or desktop computers; mobile phones and tablets now serve as effective platforms for many activities. However, the functionality of such devices has often outpaced the ability of investment banks and other financial services firms to protect customers’ privacy and prevent unauthorized access to their accounts.

Investment banks that provide secure mobile applications could differentiate themselves, but few have the technological sophistication to do so today. Innovation often takes place at the tactical level, without the benefit of a high-level, holistic view of security concerns. Investment banks, like other financial services firms, need to find a balance between maintaining security and providing an optimal customer experience.

DEFENDING THE DIGITAL INVESTMENT BANK

Enable business growth and secure operations

Defend the business from hostile adversaries

Enabling business resilience and brand trust by interlocking security strategy with business strategy Addressing boardroom and C-Suite concerns about the security breaches on shareholder value, revenue and compliance
Reinventing security to be “digital friendly” by supporting user centricity and Internet scale, and addressing digital concerns such as big data, Internet of things and commerce Gaining security-situational awareness across expanding business boundaries and developing a rapid-response capability
Developing solutions to manage technology and process security risks outside of direct organizational control while leveraging security “as a service” Testing environmental robustness and implementing security automation to offset staff shortages

Source: Accenture Research

ADOPTING NEW TECHNOLOGIES


Some players have begun exploring promising new technologies to identify and prevent cyber incursions. Following in the footsteps of retail banks that are using biometric authentication at automated teller machines in certain countries, some investment banks are piloting voice biometrics for added security and a better customer experience during telephone transactions. Others are exploring new authentication methods, such as social log-ins and risk- or content-based identification. Although still in very early stages, such services may soon represent a competitive advantage for firms with tech-savvy clients.

Investment banks can benefit from important features of new security technologies, including the ability to identify anomalies in network traffic, prioritize threats and provide advance warnings of possible breaches. Whether business is conducted on an in-house legacy platform or through the cloud, investment banks should regularly evaluate their vulnerabilities. They can apply threat monitoring to understand potential problems and leverage threat intelligence to understand when cyber criminals (or rogue individuals within the organization) are attempting to take advantage of such vulnerabilities. In some cases, data visualization may help identify problematic behavior—not only by cyber criminals, but also by customers, counterparties and employees.

THE “BIG-PICTURE” APPROACH

For investment banks, the need to bring technology to market quickly to maintain a competitive advantage—along with the ever-evolving sophistication and boldness of cyber criminals—has left cyber security struggling to catch up. Investment banks can benefit from applying several “big-picture” principles to cyber security. In addition to a “top-down” view starting with the board and senior management, these include:

1 https://www.accenture.com/us-en/insight-cybersecurity-research-report

2 https://www.accenture.com/us-en/global-risk-management-research-2015



This content has been prepared by Accenture and is for information purposes. No part of this content may be reproduced in any manner without the written permission of Accenture. While we take precautions to ensure that the source and the information we base our judgments on is reliable, we do not represent that this information is accurate or complete and it should not be relied upon as such. It is provided with the understanding that Accenture is not acting in a fiduciary capacity. Opinions expressed herein are subject to change without notice.