
IMPROVING OPERATIONAL RESILIENCE WITHIN FINANCIAL ORGANISATIONS

Source: Finance Derivative

By Owen Miles, field CTO at Everbridge

Financial institutions play a critical role in the international economy by enabling the transactions that power businesses, foster innovation, and fuel the everyday lives of people around the world.

With billions or trillions of dollars under their purview, financial enterprises have an enormous responsibility to safeguard their assets from hackers, fraudsters, and thieves – not to mention the equally serious threats of the physical environment and the natural world. It is not an easy task. The risks are everywhere, and many threat vectors are increasing in scope and intensity.

Financial organisations are also a number one target for malicious cybercriminals, with recent data revealing that cyberattacks are increasing at a dramatic rate, impacting almost all businesses across the globe.

For instance, the FBI recently reported a 300 percent increase in cybersecurity activity since the start of the COVID-19 pandemic. Businesses and individuals are now lodging between 3000 and 4000 complaints every day as bad actors take advantage of the pandemic’s uncertainty and the changing online habits of employees and consumers.

When these cyberattacks are successful, they can cost enterprises dearly. In 2020, the average cost of a cyberattack was $3.86 million, with total losses from these events projected to reach $6 trillion by the end of 2021. In addition to this, the world is also in the midst of a ransomware pandemic, where cybercriminals are using malware to hold systems and data hostage in return for payment. These attacks are reportedly happening every 11 seconds and netted cybercriminals over $590 million in the first half of 2021.

Unfortunately, many enterprises feel poorly equipped to protect their interests in the cyber environment. In 2021, an IDG survey revealed that 78 percent of senior IT and IT security leaders believe their organisations do not have the processes and controls in place to fend off a cyberattack. Participants expressed dissatisfaction with their organisation’s security roadmap, technologies and tools, and the skills of their internal teams.

While these doubts are prompting a significant hike in spending on cybersecurity over the next 12 months, true operational resilience can only be attained when financial organisations take a holistic, coordinated approach to addressing digital and physical risks across the entire enterprise.

So, what are the best strategies to achieve lasting operational resilience?

Below are some top recommendations from some of the world’s most experienced security, compliance, and risk management executives from high-profile financial institutions on the best strategies to achieve operational resilience in the face of the increasing risks posed by cybercrime. The recommendations will help any enterprise accelerate its progress towards true operational resilience.

  1. Take the 360-degree view of risk across the enterprise:

Cybersecurity is critical, but being able to respond to threats in the physical environment is equally important. Create a multidisciplinary risk response taskforce that includes everyone involved in keeping the enterprise secure.

  2. Break down existing siloes and avoid creating new ones as the enterprise grows:

A common taxonomy is key for busting siloes and ensuring that everyone is able to effectively monitor threats. When integrating new units into the business, consider ways to retool their processes and systems to align with shared frameworks.

  3. Foster communication with leadership and across internal teams:

Engaging leadership to generate buy-in, and understanding who to contact and when, are crucial for meeting regulatory requirements and remaining agile.

  4. Assess risk early and often to stay ahead of potential threats:

Real-time risk identification may still be somewhere in the future, but keeping a regular schedule of thorough risk assessments can prevent issues from slipping through the cracks. Making frequent risk assessment a core competency for the enterprise can help prepare the organisation to take a proactive, predictive stance.

  5. Reinforce the ongoing value of security, risk management, and resilience activities:

Work closely with senior leaders and staff at all levels of the organisation to explain the importance of investing in risk management and mitigation. Provide accessible and impactful educational resources to encourage positive behaviours – and don’t get discouraged if widespread change takes time.

As digital and physical risks continue to rise for financial enterprises, operational resilience is more important than ever. By identifying common challenges and deploying effective solutions, risk management executives can support the monetary, reputational, and regulatory health of their organisations when unexpected threats put stress on the enterprise.
