One million new threats
Costing $20 million
A business’s ability to identify, prevent, detect and respond to process or technology failures and recover—minimizing customer harm, reputational damage and financial loss.
Senior Managing Director
Accenture Finance & Risk Services
To be well positioned, we believe cyber resilience should focus on managing three types of risks in particular. To know if your business is managing all three, ask yourself these questions.
Risk 1: IT/technology risks
Technology systems and infrastructure are often “ground zero” for cyber attacks and other breaches.
Are you conducting systems and data surveillance?
Are you doing penetration testing?
Is your tech risk management program integrated with operational risk efforts?
Risk 2: Operational risks
These risks are tied to the potential failure of a firm’s business processes or technology infrastructure.
Have you defined your operational risk appetite?
Does your program include controls to detect or prevent cyber attack?
Do you have an end-to-end framework that connects horizontally between the CRO, CIO and COO?
Risk 3: Fraud and financial crime
Fraud or financial crime might be a large, one-time event or a series of small, harder-to-detect, low-cost events.
Do you engage in industry sharing of attack data to improve detection and response?
Is your surveillance program able to monitor and detect anomalies inside the institution?
Have you incorporated detective business processes to spot criminal activities?
We believe a strong approach to cyber resilience means building holistic capabilities across risk and security. Our methodology targets every entry point and angle at which financial organizations should build readiness.
Event Response Plan:
Structure to identify and manage action plans
Structure to manage incidents and notify impacted parties
Aggregated set of typical risk associated with Cyber Risk
Scenarios which can impact the organization
Detection and Identification:
Tools and metrics to identify and log aspects to manage operations
Aligning the tools to identify and detect threats along with their escalation and oversight
Business and IT Controls:
Oversight of the controls and their testing programs
Specifying the structure with people, organization, roles, tools and processes to govern
Source: “How to Make Your Enterprise Cyber Resilient,” Accenture, October 2015
11. “Internet Security Threat Report,” Symantec, April 2015, Volume 20. Access at:http://www.symantec.com/security_response/publications/threatreport.jsp
22. “Cyber Attacks on U.S. Companies in 2014,” The Heritage Foundation, October 27, 2014. Access at: http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014