With 2023 in the rearview mirror, we can look back on the year with 20/20 clarity. This year saw banks confronting multiple risks, some foreseeable and others less so. If the year has taught us anything, it’s that banks can do more to guard against the risk they can predict, and risk they may not see coming.
In 2024, risk will remain one of banking’s greatest challenges. With rising residential and commercial real estate prices, mortgage payments are outpacing wage increases, resulting in default risk. Global economic uncertainty continues to loom large, while cyberattacks continue to pose a significant threat. The rise of gen AI has handed hackers a whole new set of tools, enabling deep fakes, viruses and sophisticated phishing scams.
How do banking CEOs view cyber risk? A recent survey to understand banking CEOs’ perspectives on cyber resilience produced some noteworthy results.
Our research, “The Cyber-Resilient CEO,” explores the role of C-suite leaders in handling cybersecurity threats to their organizations. The survey involved 1,000 CEOs of large organizations (those with more than $1 billion revenues) in 15 countries and 19 industries. 53 banking CEOs were represented in our sample.
When we asked banking CEOs about the biggest issue they are currently facing, 41% of them identified an ability to maintain digital trust with end consumer and business clients with the growing risk of fraud. And nearly half of respondents cited modernizing technology (26%) and regulatory compliance (21%) as the key issue. It suggests that banks simply cannot afford to loosen their grip on digital risk and compliance.
And the rewards of being more cyber resilient are worth having. Our research finds that CEOs who adopt a more cyber-resilient approach than the rest achieve 16% higher incremental revenue growth, 21% more cost reduction improvements and 19% healthier balance sheets. What’s more they detect, contain and remediate threats faster and their breach costs are 2X and 3X lower than others.
Challenging the status quo
Unfortunately, the path to gaining such benefits is not always easy. The cyber threat landscape is complex and influenced by increasingly high levels of disruption. The Accenture Global Disruption Index—a composite measure that covers economic, social, geopolitical, climate, consumer and technology disruption—shows that levels of disruption increased by 200% from 2017 to 2022. It may not be banking industry-specific disruption, but the ripple effect is being felt wherever it lands.
Banking respondents are more aware than the global average of the three key forces creating cyber vulnerabilities:
Technology innovation: 62% of banking CEOs ranked the accelerated pace of technology innovation as one of the top risks for cyberattacks, 10% more than the global sample—with 89% rating cyber trust and resilience as highly relevant for emerging technologies, like generative AI and quantum computing.
Supply chain disruption: 36% of banking CEOs rank supply chain as the second highest external risk, far less than the global sample at 51%.
Environmental vulnerabilities: 92% of banking CEOs acknowledge the link to and vulnerability from environmental changes and initiatives, vs 90% of the global sample.
It’s not as if banking executives are unaware of the important role of cyber defense: 98% of banking CEOs acknowledge cybersecurity is a key business enabler but only one-third (36%) strongly agree they have deep knowledge of the evolving cyber threat landscape. And two-thirds (66%) are concerned about their organization’s ability to avert or minimize damage to the business from a cyberattack.
What banking CEOs say
There are some key characteristics that define the cyber-resilient CEO and it’s good to see that CEOs in the banking industry appear to be making better progress in cyber resilience than the global average.
Here’s how it plays out:
These findings are supported by our conversations with C-suite banking executives across the world and it’s reassuring to see that banking is slightly better than the global average in terms of including cybersecurity on the agenda; 26% of banking CEOs have dedicated board meetings for discussing cybersecurity issues, against just 15% of global average respondents.
Five steps to the cyber-resilient banking CEO
Banking CEOs can watch and learn from the core group of cyber-resilient CEOs who assess cybersecurity across their organizations from a broader perspective, including talent, innovation, sustainability and customers; they proactively take the following five actions:
- Embed cyber resilience in the business strategy from the start.
- Establish shared cybersecurity accountability across the organization.
- Secure the digital core at the heart of the organization.
- Extend cyber resilience beyond organizational boundaries and silos.
- Embrace ongoing cyber resilience to stay ahead of the curve.
Mitigating risk is a huge part of any bank’s remit and will continue to play an important role in the year ahead. Greater cyber resilience will be a high priority for the banking C-suite, especially in the AI era.
If you’d like to know more about the practical steps of how to become a cyber-resilient CEO, we encourage you to read our report today or get in touch to continue the conversation.
What role will risk play in the next year? Watch for our Top 10 Trends for 2024, Banking on AI in January.