The goal: resilience and protection
Cybercriminal gang steals $1 billion
$7.7 million to manage cyber risk
According to recent calculations, the mean annualized cost of managing cyber risk for every company is $7.7 million.2
A financial firm’s frequent response is to build a top-down approach for managing cyber security. Maybe it’s time for a new cyber risk management starting point—one focused on cooperation.
As the number and complexity of cyber attacks rises, financial institutions’ profitable existence is threatened. To effectively manage cyber risk, these industry trends point to building a partnership between operational risk and cyber security:
A coordinated response can mitigate reputational damage and reduce regulatory fines.
Senior leadership is catching on: They are realizing solutions stretch past technology, reaching into the people and process layer.
Institutions already are consolidating their silo-based risk management, due to poor cost-to-income ratios.
To help financial firms respond to increasing cyber threats, Accenture and Chartis Research have identified four keys to alignment:
Governance and ownership:
Establishing clear lines of responsibility from the board level downward
Taxonomies and methods:
Creating a common language to bridge the gap between the chief technology officer and the chief risk officer
Skills and capabilities:
Nurturing capabilities and competencies across operational risk and cyber security to develop a unified response
Technology and data:
Tapping technology, data and analytics to deliver a strong attack response
Integrating fraud, IT, cyber security and operational risk may not be a simple endeavor. It could mean defining—and redefining—governance, skills, taxonomies and technology to meet a common definition, language and approach to help operational and cyber risk converge.
An important first step is recognizing cyber security as a risk, complete with risk-based probabilities and impacts. Managing cyber risk in a convergent manner can bring both protection and resilience.
1. “The Great Bank Robbery: Carbanak cybergang steals $1bn from 100 financial institutions worldwide,” Kaspersky Lab, Virus News, February 16, 2015. Access at: http://www.kaspersky.com/about/news/virus/2015/Carbanak-cybergang-steals-1-bn-USD-from-100-financial-institutions-worldwide
2. “Forewarned is Forearmed, 2015 Cost of Cyber Crime Study: Global,” Ponemon Institute, October 2015. Access at: http://www8.hp.com/uk/en/software-solutions/ponemon-cyber-security-report/index.html