Has your financial enterprise built an effective approach for managing cyber risk? Often the answer to that question is “no.” Many financial firms are just beginning to grasp the challenge of cyber risk. A set of Accenture videos on cyber risk helps highlight many of the challenges.
Managing cyber risk is complex for many reasons. One is that it sits at the intersection of IT, cyber security and operational risk, so responsibility is typically split among many senior people who each own only part of it.
Financial institutions are subject to cyber attacks on an ongoing basis. The increasing number of data breaches and thefts helps explain why cyber security has leapt to the top of the risk agenda. As we have seen, this is not really a new threat.
Too often, financial institutions are working to establish controls that manage cyber risk only from the top down. Their IT departments are building firewalls and seeking out malware and phishing schemes.
But they are missing a large swath of the organization when it comes to managing cyber risks. We conducted a joint study with Chartis Research to further explore the growing cyber risk challenge. The resulting report suggests an integrated approach can help solve the puzzle. By bringing together cyber security and operational risk, an organization is better positioned to address a much larger slice of cyber crime activity.
This may be easier said than done, but several steps can help pave the way for a more integrated approach:
- Establishing governance and ownership, often by creating a new, holistic definition of cyber risk for the organization and clarifying roles and responsibilities
- Using advanced technology and data management tools
- Establishing a shared taxonomy, so everyone across the cyber risk domain speaks the same language
- Developing common or joint skills and capabilities across the IT and risk functions
Our cyber risk report offers more detail about each of these steps.
Organizations that integrate their operational risk and cyber security functions stand a much better chance of building cyber resilience and protecting their business from the worst of a cyber attack.