For financial services organizations, the need to bring technology to market quickly to maintain a competitive advantage—along with the ever-evolving sophistication and boldness of cyber criminals—has left cyber security struggling to catch up. Financial services organizations can benefit from applying several “big-picture” principles to cyber security. In addition to a “top-down” view starting with the board and senior management, these include:
A proactive stance. Accenture’s research and experience suggest that financial services organizations should take a proactive approach toward cyber security, continually monitoring, testing and enhancing capabilities in line with the ever-changing threat landscape. Reactive cyber defense is no longer sufficient to maintain an effective security program and regulatory compliance.
A broad view of risk management. Cyber risk should be considered alongside traditional enterprise risks to more effectively inform risk management decision making. In a recent Accenture study, 65 percent of financial services executives surveyed said that cyber and IT risk would have an increased impact on their businesses in the following two years and that they are making talent and organizational decisions accordingly. Demand for cyber security skills continues to escalate quickly.
A willingness to collaborate. The internal cyber security teams at financial services organizations might have been able to deal with yesterday’s threats. To handle the emerging threats in the current environment, however, organizations need outside expertise, as well as effective collaboration with cloud and other service providers. Financial services organizations might also need to increase their willingness to share information regarding such threats with governments and industry groups, including the Financial Services Information Sharing and Analysis Center, which conducts its Annual Summit in Miami Beach, Fla., May 1-4, 2016.
Attention to the “human factor.” Many breaches result from human error, whether through negligence, lack of security education or inconsistent control models. Financial services organizations should have organized and integrated programs to raise awareness of security issues, encourage proper procedures and assign responsibility when individuals are at fault. Insider threat frameworks should be enhanced and user behavioral analytics should be deployed to manage the human components, whether malicious or accidental.