Beyond digital transformation: How the finance sector can use cyber as a growth enabler
The landscape has changed
The financial services sector has evolved significantly in recent years. Nearly three-quarters (71%) of UK citizens now use at least one FinTech service, highlighting the growing threat posed by new players. Open banking mandates add further commercial and regulatory pressure. In response, financial services organisations are adopting cloud services in great numbers. Over half of UK banks are planning to migrate 50% or more of their operations to the cloud. IT-OT convergence and complex supply chains add yet more opportunity for hackers.
Most organisations therefore have a large, distributed attack surface composed of heterogeneous technologies. This scenario would be difficult enough to manage even with a full complement of cybersecurity professionals. But industry shortages continue to bite. The result? Three-quarters (75%) of financial services IT and business leaders we polled are concerned about the size of their digital attack surface.

They face threats such as:
- Phishing: Targets company employees, the persistent weakness in corporate cybersecurity.
- Business email compromise (BEC): It is estimated to cost organisations eight times more than ransomware attacks.
- Ransomware: Nearly three-quarters (72%) of financial services organisations have been compromised by ransomware at least once over the past three years.
- Vulnerability exploitation: Last year was another record for vulnerability disclosure.
- Misconfiguration: Brought about by a combination of rapid cloud investment and a lack of in-house skills.

Six steps to improve security posture
Financial services organisations must manage these risks whilst staying on the right side of regulators looking for evidence of non-compliance with GDPR, PCI DSS, NIS, PSD2 and more. Trend Micro recommends the following next steps for ambitious companies:
1. Speak the right language
IT and security leaders need to speak to the board in a language of business risk. This starts with having the right data to hand to better understand cyber-risk levels.
2. Get buy-in from the top
It’s vital that security leaders have access to the resources they need, and that these funds are delivered not in a reactive, piecemeal fashion but released in a strategic manner. This requires a board which understands the consequences of failing to act and is engaged and alert to the business risk that can stem from security failures.
3. Build a security-by-design culture
Awareness of cyber risk must be built into every business process, and the behaviour of all employees—from the very top down. This cultural shift may take time, but the stakes are too high to ignore the challenge.
4. Have the right people in place
Financial services organisations need a CISO with the right tools in place to help communicate with the board, and a team of diversely skilled practitioners to support them across threat detection, incident response, compliance expertise, and risk management. Continuous awareness training is a must to ensure they remain alert to cyber risk at all times.
5. Develop rigorous cybersecurity processes
This should include risk assessments, supplier risk management, regulatory compliance, incident response, security policies, monitoring and detection, business continuity and security governance.
6. Adopt a platform-based approach to cybersecurity
Point products often add cost, complexity, administrative overheads, and security gaps for cybercriminals to hide in. Consolidating on a single platform to manage risk across the entire attack surface will help to eliminate data silos, provide comprehensive visibility and protect assets. It could also reduce the costs associated with managing extra licenses, and save time for stretched IT teams.
7. Find the right cybersecurity partner
In today's digital landscape, cybersecurity can be an important differentiator for your financial services organisation. So choosing the right vendor to team up with is more critical than ever: a trusted partner with a comprehensive range of solutions, excellent customer/analyst reviews and a long track record of success.
Getting this right will ensure that organisations in this sector can accelerate their journey to digital maturity and drive competitive advantage through more effective data-driven decision making. Improving security posture ultimately provides a more stable foundation, not just to keep the lights on, but to innovate and grow.