In the first part of this series, we talked about the cognitive dissonance financial services (FS) firms have when it comes to perception vs. reality in cyber resilience. While four in five banks are confident they are protected from cyber crime, our Accenture research revealed that one in every three attacks succeeds.
In order to mitigate cyber security risks, leaders in FS need to understand where to invest resources and begin to build cybersecurity into the people strategy of their enterprises.
Here are three areas that the C-suite should focus on:
- Leading from the top: Start with the board of your FS firm and build its cyber literacy in order to make it an equal priority to business risk assessment. Encourage your chief information security officers (CISOs) to step out of their comfort zones and engage with enterprise leadership on a day-to-day basis on cybersecurity matters.
- Agility of response: The security threats to FS, and the industry itself, are changing at a rapid pace. There needs to be built-in flexibility for both the people and the technology to thwart attacks properly. Instead of focusing on one-off solutions, FS firms need to embrace change as a continuous part of their fabric.
- Learning from past lessons: For effective cybersecurity, achieve greater maturity and improve your FS organisation’s ability to protect itself from future losses.
How can leaders in FS invest to innovate and outmanoeuvre in cyber resilience? They need to prioritise resources in eight key steps:
- A holistic approach to building cyber awareness. Consider gamified learning solutions to immerse your FS workforce in cyber resilience. Methods such as in-person simulation, online games, and digital comic series help generate awareness about cybersecurity.
- Business alignment. Assess cybersecurity incident scenarios for your FS firm to better understand those that could materially affect the business. Identify key drivers, decision points, and barriers to the development and transformation strategies.
- Strategy Threat Context. Analyse competitive and geopolitical risks that are unique to your FS organisation in order to properly align the cybersecurity program with the overall business strategy of your enterprise.
- Extended ecosystem. Prepare your FS firm to cooperate during crisis management, develop third-party cybersecurity clauses and agreements, and focus on regulatory compliance.
- Governance and leadership. It’s up to leaders in FS to focus on accountability, nurture a security-minded culture, and create a clear-cut cybersecurity chain of command.
- Cyber resilience. Understanding the cyber threat landscape presented by individuals and the roles they play is key to cyber resilience. Leverage modern security permissions, audit and use analytical capabilities, keeping in mind that not all roles carry equal risk (e.g. access to customer and trading systems).
- Cyber response readiness. Create a robust response plan for your FS organisation by challenging and resetting behavioural patterns and/or habits that create security weaknesses. Plant the seed that prepares employees to respond appropriately to exceptional events (think of safety training on an oil rig, where employees know what to do in the event of a catastrophe such as a fire or a storm).
- Investment efficiency. Compare organisational investments of your FS firm against industry benchmarks, business objectives and cybersecurity trends.
Our survey revealed that only about a third of respondents have confidence in their capabilities in the above cybersecurity domains. Making investments in these areas a priority will help improve your FS firm’s cyber resilience.
Redirecting resources to strategies and building cybersecurity into your people culture will help your FS firm innovate and outmanoeuvre potential cyber attackers.
To learn more, register to download the report: Building Confidence: Solving Banking’s Cybersecurity Conundrum
In March, Accenture Security’s Sanjeev Shukla wrote an excellent blog series on how to bridge the cybersecurity perception gap: Cybercrime: Time for a New Approach.
We’ve also discussed security and privacy in relation to open change ecosystems at our Change Director Forum last month. Coming up in September, our People Innovation Forum, co-hosted with Peter Cheese from the CIPD, will address the latest on this topic, as well. If you are interested in participating, please contact firstname.lastname@example.org or email@example.com.