Banks Must Integrate Operational and Cyber Risk to Improve Resiliency

By: Kelley Katsanos| - Leave a comment

Bigstock

Although banks are reinforcing their defenses against potential threats to lessen cyber risk exposure, it may not be enough. As threat actors inevitably increase and security threats continue to evolve, banks will need to connect their cybersecurity efforts with broader operational risks to create an environment that is quick to recover when challenges occur, according to new research from Accenture.

Banks Overconfident in Their Security Strategy

The Accenture study shows 78 percent of senior security executives feel confident about their overall cybersecurity strategy, yet an average of 85 serious attempted breaches occurred, with financial-sector firms facing thousands of malware, phishing and penetration attacks per year. Out of these attempts, 33 percent were successful, and 59 percent went undetectable for several months. The research results could indicate banking security executives are overconfident in their cybersecurity defense approach to reducing cyber risk, especially as threat actors become increasingly sophisticated.

New Approaches to Reduce Cyber Risk

The evolving threat landscape in the banking sector may dictate new approaches that will better manage risk. Banking security professionals traditionally build a strong perimeter by establishing controls from the top down, but they may be better off tying in the technical factors of cybersecurity with the wider concerns of operational risk.

Forbes refers to the Basel Committee on Banking Supervision, which defines operational risk as the “risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems, or from external events.” Based on this definition, banks not only need resilient IT systems — they must also be able to reassure their customers, set up effective backups and compensate for losses if a cyberincident occurs.

Therefore, new approaches to mitigate cyber risk should include “advance planning, cooperation and communication between operational, risk, infrastructure and cybersecurity teams,” Forbes recommends. Identifying data assets, providing multiple layers of defense and quarantining a breached area are essential to ensuring financial firms’ broader systems remain operational in the event of a cyberattack. Forbes also suggests the banking sector should incorporate cyber risk into their enterprise risk management strategy to mitigate the loss from incidents such as distributed denial-of-service attacks or data breaches.

Yet banks are making strides to enhance cybersecurity by increasing their investments in both technology and security expertise and by improving the governance framework to help ensure accountability. Furthermore, they are developing a comprehensive security strategy to include cyber response initiatives that cover both stakeholders and key business assets — actions that aim to further lessen cyber risk.

Topics: , ,

Comments

About The Author

Kelley Katsanos

News Writer

Kelley Katsanos is a freelance writer specializing in business and technology. She has previously worked in business roles involving marketing analysis and competitive intelligence. Her freelance work appears at IBM Midsize Insider, Houston Chronicle's chron.com, and AZ Central Small Business. Katsanos earned a Master of Science in Information Management from Arizona State University as well as a bachelor's degree in Business with an emphasis in marketing. Her interests include information security, marketing strategy, and business process improvement.