What to do, now:
In addition to a "top-down" view starting with the board and senior management, banks should:
- Take a proactive stance. Banks should be proactive toward cyber security, continually monitoring, testing and experimenting with new technologies. Reactive cyber defense is no longer sufficient to maintain an effective security program and regulatory compliance.
- Have a broad view of risk management. Cyber risk should be considered alongside traditional enterprise risks to more effectively inform risk management decision making. In the Accenture 2015 Global Risk Management Study, nearly two-thirds (65 percent) of financial services executives surveyed said that cyber and IT risk would have an increased impact on their business in the next two years and that they are making talent and organisational decisions accordingly.
- Show a willingness to collaborate. In the current environment, investment banks will need not only outside expertise, but also effective collaboration with cloud and other service providers to deal with emerging threats. Investment banks may also need to increase their willingness to share information regarding such threats with governments and industry groups.
- Pay attention to the "human factor." Many breaches occur as a result of human error, negligence or failure to follow security protocols. Privileged access management is a top risk in this area.
Cyber security requires a commitment: top-down support, a sound strategy and organisational structure, effective training and communications, and constant vigilance.