Other parts of this series:
Are security breaches detected early enough?
About 80 per cent of executives surveyed as part of the Accenture 2018 State of Cyber Resilience study say they’re confident in the effectiveness of their security capabilities to reduce financial risk and disruption from a cybersecurity event, but are they overconfident?
The State of Cyber Resilience study in insurance and banking & capital markets firms finds that about one in five attempted breaches are successful – a sizeable number of incidents. What’s more, over 40 per cent of breaches are not detected for more than a week, and with 9 per cent it takes more than a month.
The message is clear: while financial services (FS) executives are making headway in addressing cyber risks, there’s still a lot more to do. And as cyber adversaries ramp up their attacks and deploy ever more sophisticated technologies, the urgency of strengthening firms’ cyber defenses is growing all the time.
The answer: cybersecurity mastery
Mastering cybersecurity can allow FS firms to become truly cyber resilient. Key to this is investing smartly in the right capabilities and becoming more adept in applying the breakthrough technologies that are increasingly used by cyber criminals.
Five building blocks for cyber resilience in financial services
What does cybersecurity mastery look like? Here are five vital building-blocks:
- Be brilliant at the basics
Insurance executives in the UK tell us that 20% of their business isn’t covered by the cybersecurity program, a figure that rises to 30% for UK banks. These basic shortcomings should be addressed by hardening and protecting core assets.
- Pressure-test your resilience
Mimic the actions of attackers, supplementing conventional attack-and-defense testing through things like coached incident simulation, threat intelligence and experienced player-coaches.
- Employ advanced technologies to automate defenses
This means investing in breakthrough technologies to beat new threats. For example, automated orchestration capabilities allow security teams to respond in near-real-time.
- Use intelligence and data to hunt threats proactively
Around 80 per cent of UK respondents to the State of Cyber Resilience study agree advanced technologies are essential to a secure future – but only 40 per cent are investing in machine learning/AI and automation. Cybersecurity masters invest in and use these capabilities.
- Adapt the CISO role to be part of business leadership
To be truly effective, CISOs should feel at home in the C-suite as well as the security centre. Yet just 49 per cent of UK insurance respondents and 57 per cent of their banking & capital markets peers currently report direct to the CEO or board.
Amid today’s expanding threat landscape, cybersecurity mastery isn’t a nice-to-have, but a business imperative. These five building-blocks can help you achieve it.
In my next post, I’ll share three actions banks and insurers can take to deploy the breakthrough technologies that are increasingly being used by cyber criminals. In the meantime, to learn more, read our 2018 State of Cyber Resilience reports for Banking & Capital Markets and Insurance.