Cyber crime has become increasingly pervasive and challenging to manage. This makes cybersecurity a highly complex topic that is difficult to get right due to the many variables involved (e.g., suite of technology required, data sensitivity, multitude of direct and indirect players). The challenge is further compounded by emerging technologies, such as artificial intelligence (AI) and Internet of Things (IoT), which serve as vehicles for cyber crime to further extend its boundaries. As a result, cybersecurity has become not only a technical problem, but also a business problem.
According to a 2017 joint study by Accenture and the Ponemon Institute titled “Cost of Cyber Crime,” the annualized cost of cyber crime for financial services companies globally grew by 40% over a 3-year period, reaching $18.28 million in 2017.1 The same study also indicated a 27% annual increase in the average number of successful breaches per company surveyed across industries.2
This blog post explores the three main areas financial services clients struggle with and how they can strengthen their cyber agendas.
1. Moving from a Reactive to a Proactive Cybersecurity Strategy
Until recently, our experience indicates financial services clients have focused their investments on the user interface to make the experience sleeker and appeal to an ever-growing, technologically-savvy client base. Though these investments have generally improved the customer experience, they have come at a price, namely enhancements in these organizations’ back-end technology. This delay in upgrading capabilities has made financial services firms more susceptible to cyber crime and has inevitably led many of them to adopt a reactive approach to cybersecurity.
However, due to the evolving threat landscape and increased regulations, financial organizations have begun to adopt a proactive approach to cybersecurity, with key investments being made in their security architecture. This trend is expected to continue as clients enhance their technology suite, particularly their security intelligence systems, cyber analytics, automation and identity management.3 Through strong governance, containment, and remediation processes, financial institutions are building robust cybersecurity programs across platforms and channels that are better suited to withstand breaches and protect their client data and, consequently, reputations.
2. Enhancing Cybersecurity Programs Through Strategic Alliances
Accountability sharing and alignment across the different cybersecurity players (e.g., financial services companies, governments, software developers, clients) is key. Between regulator and customer expectations, financial institutions should leverage advanced thinking to help manage the factors required to establish a strong cybersecurity program.
Financial organizations can innovate and balance efforts to meet these expectations through alliances and cross-industry consortiums. These alliances and relationships create forums to discuss prevalent cyber attacks, share information on the types of investments being made, and analyze security incident responses. For instance, the Cyber Defence Alliance is composed of select European banks who share awareness of cyber threats and educate each other on how best to meet modern-day cyberspace requirements.4 Through collaborations and forums such as these, firms can explore industry “best practices” and, subsequently, support each other in becoming more cyber resilient.
3. The War for Cyber Talent
Lastly, the shortage of cyber professionals presents a bottleneck for institutions’ and their third parties’ cyber agendas. According to Forbes, “every year in the U.S., 40,000 jobs for information security analysts go unfilled…”5 The Information Systems and Audit Control Association (ISACA), an international non-profit IS advocacy group, predicts this shortage may be as large as 2 million cyber security professionals globally by 2019.6
Without the proper talent to complement and fortify the security investments organizations are making, the return on investment (ROI) provided by these business decisions should be limited. To help alleviate the problem, our research and work with clients has shown that 3 key focus areas are common among chief information security officers:
- Leverage automation where possible and utilize advanced reporting and analytics capabilities to prioritize and complement manual processes; this should limit the number of cyber professionals needed7
- Integrate the role of the Chief Information Security Officer with the business so that security gaps across people, process and technology are more thoroughly identified8
- Invest in cybersecurity trainings and certifications for existing information technology talent
- Consolidate the number of security technologies being used so that information technology personnel can centralize their cybersecurity education, thereby helping to more quickly alleviate the knowledge gap
Stay tuned for our next blog, featuring cybersecurity insights on financial service firms’ third parties.
- “Cyber Crime in Financial Services: The Big Picture,” Chris Thompson, Accenture, February 15, 2018. Access at: https://financeandriskblog.accenture.com/cyber-risk/cyber-crime-in-financial-services-the-big-picture
- “2017- Cost of Cyber Crime Study: Insights on the Security Investments That Make a Difference,” Accenture and Ponemon Institute, 2017. Access at: https://www.accenture.com/t20171006T095146Z__w__/us-en/_acnmedia/PDF-62/Accenture-2017CostCybercrime-US-FINAL.pdf#zoom=50
- Cyber Future Foundation- Cyber Defence Alliance. Access at: http://cyberfuturefoundation.org/
- “The Fast-Growing Job with a Huge Skills Gap: Cyber Security,” Forbes, March 16, 2017. Access at: https://www.forbes.com/sites/jeffkauflin/2017/03/16/the-fast-growing-job-with-a-huge-skills-gap-cyber-security/#3bfebc365163
- “From Insecurity to Resiliency: 2018 State of Cyber Resilience for Banking and Capital Markets,” Accenture, September 2018. Access at: https://www.accenture.com/ca-en/insights/financial-services/2018-state-of-cyber-resilience