Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .


Demonstrating the value of cybersecurity investment in uncertain times

iStock 1348369671 - Global Banking | Finance

Demonstrating the value of cybersecurity investment in uncertain times

135 - Global Banking | FinanceBy Chase Richardson, Principal Lead Consultant at Bridewell

The financial community is coming under mounting pressure to safeguard its interconnected systems and networks from cyber threats, particularly following a string of high-profile attacks on the sector from nation-state actors and other criminal groups. One recent example includes the recent breach of financial software provider ION Markets, which upended derivatives trading across multiple countries. Organizations are left reckoning with their heightened status as vulnerable and attractive targets for threat actors.

To address these concerns, the White House has released a National Cybersecurity Strategy, imposing mandatory regulations across all industries to “disrupt and dismantle” threat actors as part of a persistent, continuous campaign. Imminent changes to the Securities Exchange Commission (SEC) cybersecurity rules will also raise the pressure on financial organizations, requiring them to promptly disclose all security incidents and implement robust measures against cyber-attacks.

Time is increasingly of the essence – but preparation doesn’t come for free. Amidst lingering inflationary pressures, recent Bridewell research has revealed that 86% of finance organizations within US critical infrastructure are seeing reductions in their cybersecurity budget, largely attributed to the economic slowdown.

While there is no silver bullet in cybersecurity, it’s also something that simply cannot be compromised. So, how can financial organizations show they are finding the right balance, maximizing resource efficiency and minimizing cyber threats amidst rising costs and risks?

Optimizing security ROI

According to Bridewell’s research, US finance organizations suffered an average of 42 ransomware-related security incidents in the last year alone – a significantly higher mean than for any other sector within critical infrastructure. These attacks can have a devastating financial impact on businesses, with costs going well beyond the direct ‘hit’ of any ransom paid. The indirect cost of downtime and recovery of lost data can also far exceed the investment required for a proactive and robust security strategy.

Therefore, organizations must embrace a risk-based approach, effectively allocating their stretched resources and concentrating their cybersecurity efforts on protecting the most critical assets and data. This will result in a much greater return on investment (ROI) as it tightly aligns security measures with potential business impacts, enabling firms to minimize disruptions while mitigating the financial and reputational consequences of a cyber-attack.

Financial services organizations should also adopt a mindset of prioritizing quality over quantity, not only in terms of security tools but also when it comes to third-party vendors. Simply investing in more and more disparate tools is expensive, unsustainable, and often fails to consider the integration between technologies and the potential security holes that may arise. Likewise, an influx of vendors and partners can lead to increased risk exposure. Instead, consolidating technologies, tools, and vendors is vital for enabling a unified view of security across the business, allowing firms to streamline risk analysis and assessment. It also presents opportunities to identify where technology can relieve operational challenges by using automation to enhance efficiency.

With Bridewell research revealing that financial firms face an average of 44 security incidents related to social engineering every year, it is more crucial than ever to invest in the continuous cybersecurity training and development of an organization’s first line of defence – its staff. This ensures that employees remain updated on the latest practices and evolving threats, enabling them to respond promptly to emerging cyber risks and reduce the potential impacts and costs of a security incident.

Demonstrating cybersecurity’s worth

While cybersecurity has shifted from a technology risk to a business imperative, some C-suite decisionmakers may still struggle to recognize the concrete value of implementing a robust security strategy, particularly during periods of financial uncertainty and competing priorities. Therefore, it is vital to emphasize the ROI of cybersecurity, especially when demonstrating its impact on technology, people, and processes across the entire organization.

To gain executive buy-in and support, security leaders should first establish a clearly defined cybersecurity strategy that co-ordinates with the firm’s wider business goals. This strategic alignment will play a vital role in demonstrating to the board how investing in cybersecurity can yield specific objectives while effectively mitigating risks. Moreover, a clear and cohesive strategy provides a framework for measuring progress and assessing the overall ROI of cybersecurity spend.

When it comes to communicating the impact of security investment in a meaningful way, leaders must set measurable objectives, define key performance indicators (KPIs), and establish clear benchmarks, so that they can provide evidence of all positive impacts on the organization’s financial and operational performance. By highlighting the competitive advantage gained, security teams will be able to showcase the lasting value of the investment, explaining how the benefits go far beyond peace-of-mind against cyber-attacks and deliver long-term business benefits.

Enhancing security with MDR

To optimize cybersecurity and overcome resource limitations, finance organizations should cut through the noise of old-fashioned tools, especially for threat monitoring and response. Outdated technology stacks can generate a barrage of alerts, which often require manual review and expert analysis before any team can take action. In contrast, modern tools allow for real-time identification of patterns and behaviors across multiple technologies, effectively minimizing noise and condensing it into a few actionable alerts. This empowers security teams to streamline their operations, prioritizing critical threats and responding quickly and efficiently.

Managed detection and response (MDR) is particularly powerful as it combines human analysis, artificial intelligence (AI), and automation to rapidly detect, analyze, investigate, and actively respond to cyber threats around the clock. Deployed swiftly and cost-effectively as a fully outsourced service or via a hybrid security operations center (SOC), MDR helps organizations to establish a robust security architecture to protect their on-premises systems, cloud-based applications, and SaaS solutions. By enabling firms to quickly tackle new cyber threats as they unfold, MDR also minimizes the time hackers have to dwell within a network.

The most effective services also utilize extended detection and response (XDR) technology. This ensures additional detection and response capabilities across network, web and email, cloud, endpoint, and – most crucially – identity. Working hand in hand with MDR, this comprehensive approach empowers organizations to safeguard their users, assets, and data from an ever-growing range of cyber threats.

In the face of mounting economic pressures, financial firms must now make cybersecurity a top priority to protect their critical operations and data. By collaborating with a trusted security provider to implement MDR and XDR, organizations can streamline essential cybersecurity processes and enable staff to level up their skills. This proactive stance not only maximises the ROI of security, but also enables firms to effectively manage risks, protect their reputation, and maintain the trust of their customers in an increasingly volatile security landscape.

Global Banking & Finance Review


Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post