The Great Reassessment: Your Cybersecurity Strategy to Kick Start 2023

By Steve Bomberger, Head of SEI Sphere

Financial services organizations are at an inflection point as we usher in a new era of cybersecurity—one requiring a holistic approach. The ongoing appetite for accelerated digital transformation, coupled with the tailwinds associated with high levels of geopolitical and market volatility, is transforming the way global financial services assess cyber risks as well as prioritize cybersecurity and IT solutions. 

Prior to the onset of the global pandemic, many financial organizations approached their cybersecurity strategy in a reactive, ad hoc, and tactical way—patching gaps as they appeared, quickly and imperfectly. While this may have been tolerable for managing cybersecurity threats then, today’s hybrid workforce and the need to remotely and securely access critical business data changes the approach companies must take to protect their organizations. It’s time to approach cybersecurity strategies with the topline, critical business objectives they deserve—with intentionality, a critical eye, and the short- and long-term in mind. 

There are three first steps every leadership team should take to properly re-assess their cybersecurity strategy. 

Shift the internal narrative on cybersecurity to a business priority.

Start thinking about cyber risk on par with credit risk, default risk, economic risk, and other traditionally understood financial risks. Then appoint someone to lead your cybersecurity program and give them the authority—and budget—to secure the enterprise. Next, create a dedicated senior leadership committee to advocate for the cybersecurity strategy at the decision-maker level. This group should manage the creation of and ensure alignment with the guiding cybersecurity strategy that meets the organization’s specific needs, today and in the future. With cyberattacks on the rise, companies have a responsibility to prioritize cybersecurity like they would financial risks, which means putting together a board of directors that understands what cybersecurity is needed and has the expertise to execute on it. 

As expected, when cybersecurity needs increase, so does the need for board members who have cyber expertise. In fact, according to the Heidrick & Struggles’ Board Monitor, the sharpest increases in expertise among new board members from 2020 to 2021 were for sustainability (from 6% to 14%) and cybersecurity (8% to 17%). 

Board members’ expertise also contributes to how companies prioritize cybersecurity on their quarterly agendas. According to the EY Global Information Security Survey 2021 (GISS), four in 10 (39%) organizations put cybersecurity on their board agendas quarterly, up from 29% in 2020. However, in EY’s Global Board Risk Study 2021, only 9% of boards declared themselves extremely confident the cybersecurity risks and mitigation measures presented to them could protect their organization from major cyberattacks, which was down from 20% last year. 

Get honest about your organization’s current approach to cybersecurity

Fully audit your current cybersecurity framework by acknowledging blind spots and categorizing your current vulnerabilities by the level of risk and importance. This also means considering what priorities have shifted or become obsolete over the last 12-24 months, including the shortcuts that may have been taken and the needs that were shelved from the beginning. 

From a lack of organizational infrastructure visibility to system and tool integration to communication, the pandemic caused many organizations to implement more hurried builds, which has created challenges for cybersecurity teams. For instance, 56% of cybersecurity teams weren’t consulted, or were consulted too late, when leadership teams made these urgent, executive-level cybersecurity decisions, according to the EY Global Information Security Survey 2021 (GISS). This can leave flaws in defenses for cyber attackers to exploit.

In comparison, organizations with a designated incident response team that regularly implements their cybersecurity strategy processes—running drills and creating a comprehensive incident response plan—saw savings of $2 million compared to those that did not.¹ A well-executed plan for when a cyberattack occurs can significantly impact financials and reputation.

Build momentum now. 

Integrating your cybersecurity strategy priorities into overarching business plans impacts future budget and financial plans—for the short and long term. By creating monthly and quarterly checkpoints and identifying key deadlines to ensure accountability, organizations will be able to more accurately and efficiently identify immediate next steps and continue making steady progress. 

Currently, HIPAA, the Gramm-Leach-Bliley Act, and the Homeland Security Act are the three most important federal cybersecurity laws in effect. They require financial, healthcare, and government entities to ensure the security of their systems and data. An important part of that progress is understanding and keeping track of upcoming regulations that will impact the organization over the next 12 to 18 months, including:

  • The US Department of Justice set a three-year strategic plan to bolster its cybersecurity posture and prioritized other improvements to its IT skills, systems, and processes.
  • The Financial Crimes Enforcement Network has identified cybercrime as a top priority for anti-money laundering and countering the financing of terrorism policy, and it will be releasing regulations to implement this policy in the very near future.²
  • The National Law Review reported the SEC announced that its Crypto Assets and Cyber Unit would be nearly doubled in size, from 30 dedicated enforcement positions to 50. The unit’s focus includes enforcing violations of “cybersecurity controls at regulated entities” and “issuer disclosures of cybersecurity incidents and risks.” 

These are just a few future regulations top of mind, but it’s important for organizations to go beyond meeting these requirements. As financial services organizations adapt to a quickly changing and complex cybersecurity environment, digital acceleration, and market volatility, there is a unique opportunity to reassess and establish a cybersecurity strategy that meets current and future needs. 

Cybersecurity has moved from a business-siloed and regulatory-driven mandate to a topline organizational objective. It’s time for a holistic approach to cybersecurity that reflects change and ensures needs are met today and for the future.

1 IBM/Ponemon Institute Cost of a Data Breach Report
2 Reuters
