As digitization and connectivity continue to expand, the attack surface for threat actors is increasing in tandem. The result is that cyber adversaries have an ever-wide range of opportunities to target. And they are doing so – as evidenced by the recent series of headlines about high-profile breaches, some of which have affected multiple institutions along the financial markets value chain.
The current flow of high-profile breaches is unlikely to subside any time soon. Instead, it will be sustained by a diverse array of factors – including the rising sophistication of threat actors, an ever more consolidated and concentrated industry landscape of exchanges and market infrastructures that make up the arteries of the financial markets, and the sheer amount of value that runs through their wires.
What’s more, in light of increasing levels of regulation and the ever-present threat of breaches, my view is that investments in addressing cyber risks will continue to rise. These investments will be driven by a combination of internal security requirements, new “open architecture” operating models for market infrastructures, and the need to protect the security of key partners within the ever-expanding capital markets value chain.
The threat actors seeking to exploit the vulnerabilities in financial exchanges and market infrastructures range from those seeking financial gain to those aiming to disrupt the financial ecosystem. Together with increasing regulation, these threats mean effective cyber resilience is vital for unlocking secure, responsible and confident growth. A recent Accenture report on the state of cyber resilience in banking and capital markets identified 33 capabilities that institutions can apply to achieve cyber resilience.
While effectiveness across all 33 capabilities is an ideal state that few institutions will achieve, there is a subset of these capabilities that is of particular importance for mastery of cybersecurity. This subset includes capabilities such as quickly identifying breaches, ensuring recoverability of systems and data, and extending cybersecurity standards across the ecosystem. Increasingly, we are seeing firms widen their focus towards enhancing security across their broader ecosystem, by fostering transparency through increased information sharing and closer collaboration when responding to and recovering from a cyber incident.
Against this background, capital markets firms claim that they are rising to the challenge of cybersecurity, with 75 percent of executives in these businesses stating they are “confident” or “extremely confident” about their effectiveness across technologies and capabilities according to our research. While this might seem reasonable, my view is that – given the increased sophistication of threat actors and the far-reaching effects an attack can have on the financial ecosystem as a whole – significant further steps are needed to achieve cybersecurity mastery and provide the stability required for confident growth.
So, how can we pave the way towards cybersecurity mastery? The first step is for the leadership of exchanges and market infrastructure firms to ask the right questions. By doing this, they will educate individuals across the organization, enabling them to gain a deeper understanding of their businesses’ cyber dimension and drive the accelerated development of a new set of capabilities needed to address threats in the digital era. Examples of the right questions to ask are presented below. For more details, please see the Accenture Security report on the cyber resilient enterprise.
|Leadership and governance||Do you really understand what is at stake for the business in the cyber arena?|
|Culture||Do you put security first?|
|Funding||What is the right amount of investment?|
|Metrics and reporting||Are you measuring your security efforts for business relevance?|
In the coming years, it’s inevitable that we’ll see more high-profile breaches make the headlines. But while cyber incidents will continue, I have no doubt that financial institutions across the world understand that the time to act is now – and that they will move quickly to seize the opportunity to drive confident growth through interconnectivity with other institutions, often in collaboration with their broader ecosystems.
If you have any questions about achieving cyber resilience in exchanges and market infrastructure Institutions, please don’t hesitate to contact me at firstname.lastname@example.org.