As financial firms digitalize to meet customer demands for simple, 24/7 access, each digital door opened exposes them to new cyberthreats from third parties, insiders and geopolitical risk.
Despite significant cybersecurity spending over the past several years, many companies are still as exposed as they were before that spend. The Threat Gap—the gap that exists between investments in technology, people and processes to mitigate cybersecurity emerging threat vulnerabilities—continues to widen.
Companies need to change their approach, cutting a wider swath with intelligence gathering—and baking cybersecurity into the business.
In 2016, 75 percent of banking executives expect to invest in hardened devices and encryption, 66 percent in better protection around systems, but only 20 percent in improved intelligence gathering and assessment. The first two actions will not by themselves stop breaches. An intelligence-focused approach will be required to create a comprehensive strategy. You cannot defend against what you do not know.
True cybersecurity is a combination of defense, resilience and assurance. It is not simply purchasing the latest cybersecurity product. It requires a new mindset as well as a new skill set.Most banking and capital markets executives view cybersecurity risks as stemming from a limited set of external sources, such as criminal elements. With that view, they are missing key threats of a new breed. Executives are still somewhat behind in their thinking on this issue, as only one-third view geopolitical risk as a cybersecurity threat.
Closing your Threat Gap requires:
Taking cybersecurity out of the technology silo. Input from top-level executives beyond the CISO is crucial.
Making cybersecurity a reported expectation on all projects—from architecture to daily processes, it should be a prime concern. Bake it into the business.
Using an intelligence-based approach to protect your company’s information and employees. The new breed of threats requires no less.