Banks Must Integrate Operational and Cyber Risk to Improve Resiliency
Although banks are reinforcing their defenses to reduce cyber risk exposure, that alone may not be enough. As threat actors multiply and attacks continue to evolve, banks will need to connect their cybersecurity efforts with broader operational risk management so that the business can recover quickly when an incident occurs, according to new research from Accenture.
Banks Overconfident in Their Security Strategy
The Accenture study shows 78 percent of senior security executives feel confident about their overall cybersecurity strategy, yet respondents reported an average of 85 serious attempted breaches, with financial-sector firms facing thousands of malware, phishing and penetration attacks per year. Of those attempts, 33 percent were successful, and 59 percent went undetected for several months. These results suggest banking security executives may be overconfident in their approach to reducing cyber risk, especially as threat actors grow more sophisticated.
New Approaches to Reduce Cyber Risk
The evolving threat landscape in the banking sector may call for new approaches to managing risk. Banking security professionals have traditionally built a strong perimeter by establishing controls from the top down, but they may be better served by tying the technical factors of cybersecurity to the wider concerns of operational risk.
Forbes cites the Basel Committee on Banking Supervision, which defines operational risk as the “risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems, or from external events.” Under this definition, banks need more than resilient IT systems; they must also be able to reassure their customers, maintain effective backups and absorb losses if a cyber incident occurs.
Therefore, new approaches to mitigating cyber risk should include “advance planning, cooperation and communication between operational, risk, infrastructure and cybersecurity teams,” Forbes recommends. Identifying data assets, providing multiple layers of defense and isolating a breached segment are essential to keeping financial firms’ broader systems operational during a cyberattack. Forbes also suggests the banking sector incorporate cyber risk into its enterprise risk management strategy to limit losses from incidents such as distributed denial-of-service attacks or data breaches.
Banks are already making strides toward stronger cybersecurity by increasing their investments in both technology and security expertise and by improving their governance frameworks to ensure accountability. They are also developing comprehensive security strategies that include cyber response initiatives covering both stakeholders and key business assets, actions that aim to further reduce cyber risk.