He said this comes down to not just technology, but people and process: "So how do we go from a cyber security analyst that is very much focused on technology and cyber controls, to an analyst that understands the business and can have a conversation with someone in the payments space?"
This approach can also be seen in the language of modern cyber security vendors. Splunk's cyber security tools are all marketed with a focus on intelligence and response, and UK cyber startup Darktrace is making good progress in the enterprise market because it is rooted in this approach.
From perimeter security to multiple layers
Gottfried Leibbrandt from SWIFT highlighted the need for a change in thinking from its clients, "from perimeter security where no one gets inside our walls, to in-depth defence."
"Realising that sooner or later someone will get in and catching them when they get in, seeing what they do and being able to respond by having multiple layers of defence," he said.
Leibbrandt from SWIFT pointed out that the days of banks keeping their cyber strategy a closely guarded secret are over if there is to be any progress in combating today's cyber threats.
He said: "A lot of the threats we see today exploit the ecosystem, they don't look for an individual link in the chain, they look for weak points in the end-to-end chain, so the response means we have to work together as an ecosystem."
Many of the conference attendees mentioned the recently opened National Cyber Security Centre as a positive step for the private sector towards snuffing out cyber threats.
Goode from Deutsche Bank put it best when he said: "As soon as you make it more difficult, as soon as you start sharing and taking away the different avenues to target any bank and increase awareness, you make it a less enticing environment for adversaries to engage in."
Despite many admitting it is a pain, scenario testing and exercises are one of the best ways for organisations to protect themselves from cyber threats, especially when they are conducted across the industry. The Bank of England and Financial Conduct Authority have typically taken a pretty progressive and collaborative approach to resiliency benchmarking in the UK.
Legault from JP Morgan said: "Doing exercises, so getting everyone around the table and you simulate scenarios so you understand where your gaps are and what you do well, you understand what you need to build into your cyber process and your resiliency process. It is essential to do that with everyone within your organisation: legal, cyber, compliance, the business, the operations folks, the technology folks and even your peers."
Sign up for CIO Asia eNewsletters.