Today Hiscox publishes its Cyber Readiness Report, surveying how prepared major institutions are to face cyber-attacks. Last year the report found many businesses underprepared for cybersecurity threats.
The need for financial institutions to be prepared against cyber attacks is doubly pressing this year, following a raft of new regulations. These have shifted the mandate from one of the annual compliance exercises to an ongoing assurance that IT systems are prepared and secure.
A variety of products offer security for financial services companies’ critical applications. But the growing complexity of banks’ systems means that the approach to cybersecurity products is not fit for purpose, warns systems integrator World Wide Technology.
Nick Hammond, lead advisor for financial services at World Wide Technology, comments: “The Hiscox report will serve as an important reminder to financial services firms about the importance (and difficulty) of securing against the cyber threats.
“This kind of protection is all the more necessary this year, in the wake of new regulations such as MiFID II, PSD2 and GDPR. Unlike older rules that only required yearly tick-box compliance exercises, these new regulations require continued assurance of critical applications.
“But with the complexity of existing IT systems, which have been built with different and sometimes opposing metrics over the years, this is easier said than done. Legacy infrastructures are often formed from an extremely complex patchwork of applications, which communicate with each other in convoluted ways.
“This web of opaque interdependencies is creating problems for cybersecurity. Without a clear view of how the system is plumbed together, there can be knock-on effects downstream when one application is prevented from sharing data with another system or user.
“To meet changing regulatory requirements, companies in the financial space need to access infrastructural expertise, to generate a working, real-time picture of the entire framework. Only after gaining this level of visibility can the right security policies be fitted to each application in a way that fits within the functioning of the existing system, allowing components to communicate as they need to whilst closing them off from external threats.”