Cyber risk is causing headaches throughout financial services, with banking, capital markets and insurance leaders identifying the topic as a priority concern. In an Accenture global survey of financial services leaders, 74 percent of insurance respondents expected cyber and IT risks to become more severe. Similarly, 65 percent of banking respondents and 58 percent of capital markets respondents predicted an increase in severity.1

At the upcoming RiskMinds International conference, I’ll be addressing the pervasive increase in threats to cyber security. People worry about three dimensions in cyber risk:

  • Operational concerns and reputation: Ironically, reputational risk at one level is decreasing—because cyber risk has become so pervasive. Breaches have happened to many well-known enterprises. But operational risk as a whole remains a challenge: Financial losses and further reputational degradation occur when a business fails to operate and/or respond in a stressed environment. Firms lose goodwill when they can’t protect data.
  • Technology: From a security standpoint, this is where the rubber meets the road. In the technology realm we find the virtual unlocked windows and doors that expose a business to cyber risk. We can’t turn strategy back, away from the increasingly digital, connected world we operate in, so we should protect the security of our technologies. But the efforts do not stop there.
  • Fraud and financial crime: Any number of cyber criminals could pose a threat to the business. In fact, I’ll take a closer look at possible criminal types in my next post. Protecting against things like money laundering, monetary theft, data theft and internal fraud remain critical for financial firms.

The threats are numerous, across each of these dimensions of cyber risk. There’s also a reality that financial services businesses should face: You won’t be able to protect yourself completely. Cyber criminals are too many, too fast and too nimble, and the doors and windows too numerous, to provide 100 percent protection.

It stands to reason businesses should change their focus when it comes to cyber risk. The goal can’t realistically be so heavily weighted towards prevention any more. How can you lock every door, when new doors are popping up all the time? Instead, the goal for financial firms should be resilience—an ability to maintain operations and bounce back in the face of a threat.

Cyber resilience reflects a firm’s ability to identify, prevent, detect and respond to process or technology failures—and recover from an attack, while reducing customer harm and minimizing reputational damage and financial loss.

In other words, if cyber crime is going to happen, the best a business can hope for is to minimize the damage—detect early, respond quickly, learn, adapt and keep evolving as the cyber threat evolves. An effective approach to cyber resilience might mean the difference between a business’s success or failure.

Stay tuned for my next post, where I’ll continue this discussion.

1. “Accenture 2015 Global Risk Management Study, Insurance Report, Banking Report and Capital Markets Report,” 2015. Access at:

Submit a Comment

Your email address will not be published. Required fields are marked *