Other parts of this series:
Technology is creating risk – and opportunity
If cybersecurity isn’t close to the top of the risk agenda for your financial services firm, then it should be. The number and sophistication of cyberattacks are rising relentlessly – and projections suggest the threats are only going to increase.
What’s driving this growth? A significant contribution to growth is the rising availability of advanced technologies like automation, machine learning and artificial intelligence (AI). Attackers across the world are increasingly using these sophisticated technologies to shut down businesses or expose customer data.
Looking forward, it’s clear these technologies will largely determine the future of both cyberattacks and cyber resilience in financial services. Why? Because while they pose new threats, they can also provide banks and insurers with the opportunity to protect themselves more effectively and improve their cyber resilience.
Awareness outpaces investment
Accenture’s 2018 State of Cyber Resilience research in insurance and banking & capital markets finds that 80 per cent or more of executives across both sectors regard technologies like automation and AI as essential to combatting cybercrime.
Yet a look at what firms are actually doing reveals a less positive picture. Less than half of the firms surveyed are investing in AI and machine learning (43 per cent) and in automation technologies (38 percent) in the context of cyber defense. And just 21 per cent plan to increase their investment significantly in the next three years.
This is worrying. If UK financial services firms don’t keep pace with the latest tools that the “cyber bad guys” are now using, their cyber risk is likely to rise at a headlong pace. It’s critical that firms make sufficient investments in deploying the breakthrough technologies that are increasingly being used by cyber criminals, and also become much more sophisticated at applying them.
How to meet fire with fire
To respond effectively to the “arms race” in cyber technology, firms should consider taking these three steps as a matter of urgency:
- Implement automated orchestration capabilities, enabling their security teams to respond to attacks and any breaches in near real-time.
- Pressure-testing their cyber resilience to mimic the actions of attackers, enhancing conventional “red team” attacks and “blue team” defense testing through techniques like coached incident simulation, threat intelligence and using experienced player-coaches.
- Utilize advanced machine learning algorithms that are replacing manual reviews for activities like cleaning-up access management, especially in insurance but also increasingly in banking & capital markets.
To keep the upper hand in your ongoing battle with cyber attackers, and be truly cyber resilient, you need to keep pace with them in the technology race. Fall behind, and your firm’s future could be at risk. Now’s the time to act – and harness the power of breakthrough technologies in your cyber strategy.
In my next post, I’ll share how banks and insurers can strengthen their cyber security by fully integrating the CISO into the wider business. In the meantime, to learn more, read our 2018 State of Cyber Resilience reports for Banking & Capital Markets and Insurance.