We’ve talked here about cyber security and its many tentacles: Whenever a business closes one security gap, a cyber criminal will continue “testing the walls” in search of another gap to exploit.
The problem spreads from the IT department to nearly every part of an organization, including, for example, a financial provider’s call center team, its fraud protection organization, its procurement and vendor management teams, the HR and recruiting department, the training department and even the corporate culture itself.
Seen this way, financial businesses seem almost porous when it comes to the potential for security breaches. Nearly every department is vulnerable, and thus each department must have its own security protocols and metrics.
When each department has its own processes, budget and strategy for cyber security, who owns the problem? Who is providing centralized coordination and closing the gaps that might spring up between departments and operations?
In large part, this is a corporate governance challenge that mandates that individual departments put aside politics and jockeying for position so they can work together for the common good. Because the problem is all about risk, the CRO is the right person to lead this charge.
The risk department can push the conversation forward: Instead of a Chief Information Security Officer talking about secure technologies and budget needs, the Chief Risk Officer can elevate the discussion so that security risk appetite and limits are discussed alongside traditional risk types, such as credit risk. That drives the conversation to a deeper, more sophisticated level.
Risk leaders know something must be done, but some are proceeding cautiously, waiting to see how things shake out. They can’t afford to wait very long. Banks need a comprehensive, holistic approach that can close the gaps in their business.
Banks that don’t solve this problem remain exposed to the opportunistic whims of terrorists and cyber criminals.