Did you know that 67 percent of financial services executives believe the likelihood of a cyber attack is “very” or “extremely” high, and that only 9 percent of those respondents are proactively testing their systems? This was one of the key findings we discovered in our 2015 Global Risk Management Study.
It’s no secret that investment banks regularly deal with highly sensitive business and personal information—everything from transaction details for a wealthy individual, to the terms of an upcoming merger or acquisition. Since banks know that the cost of compromised data (both in terms of monetary losses and reputational damage) can be significant, data protection has always been a top priority in the industry. So how can this disconnect between cyber threat awareness and preparedness be explained?
First, technology has changed how investment banks do business. Bank operations are migrating from internal, custom-built IT systems to third-party, cloud-based platforms. On the customer side, transactions are moving from desktop computers and landline telephones to cell phones and tablets.
Second, cyber criminals have become more sophisticated. Hacking has become an industrialized business, with criminals selling (or sometimes even freely sharing) information about institutional vulnerabilities.
In short, technology is evolving rapidly, forcing banks to move faster to maintain their competitive advantage. That leaves them vulnerable to hackers who are hot on the trail looking for new opportunities to exploit.
The good news is that technological innovation is not just good for business (and potentially hackers)—it’s also good for cyber security. Voice biometrics, social log-ins, and risk- and content-based identification are just a few of the exciting developments aimed at protecting data during individual bank-client interactions. At a macro level, banks are also exploring technologies that can identify anomalies in network traffic, prioritize threats and even anticipate breaches.
What’s the next step?
Investment banks can benefit from applying several “big-picture” principles to the cyber security challenge:
- Adopt a proactive stance by continually monitoring the situation and experimenting with new defense technologies.
- Take a broad view of risk management and consider cyber security risk alongside traditional enterprise risks.
- Be willing to collaborate—not only internally, but also with external service providers, industry groups and even government.
- Don’t underestimate the “human factor.” The reality is that many breaches are the product of human error, negligence or failure to follow security protocols—whether malicious or accidental.
Technology is saying go-go-go, but I would like to encourage investment banks to take the time and dedicate the resources required to tackle cyber security strategically. It will pay dividends in the long run.
Check out the full report for Accenture’s five security recommendations for the digital era: https://www.accenture.com/us-en/insight-investment-bank-challenges-confronting-cybersecurity.aspx