Cyber Risk Management Strategies
Author: Jose Monteagudo, Editor-in-Chief 1st Global Cybersecurity Observatory
As a consequence, cyber risk management is an ongoing process that involves identifying, assessing and responding to risks.
But the tricky part is that to effectively manage risk, a financial institution firstly needs to understand the likelihood of an event occurring and then the potential impact. As the threat landscape is continuously evolving this assessment process is becoming very complex, time consuming, prone to errors, requiring an increasing number of scarce and expensive resources for the organization.
With this information the organization might have an internal debate with regards to the level of acceptable risk, basically its risk tolerance.
Once the organization understands risk tolerance, they can take informed decisions to prioritize cybersecurity activities, programs and expenditures.
With regards to the different approaches to handling risk, basically, there are four ways to go, including mitigating the risk, transferring it, avoiding the risk or accepting it.
Major cyber risks for financial institutions
Cyber attacks are increasing in both frequency and complexity with financial institutions being the major target for cyber criminals considering the value of the data they own as well as the simplicity to monetize that data.
As everybody now recognizes, it is no longer a question of if and organization will be breached but when.
But what are the major cybersecurity risks for financial institutions?
This is a difficult question to answer as the past year has seen unprecedented changes in the cyber risk landscape, but to name just a few:
- Data exfiltration using “zero days” vulnerabilities
- Financial theft, stealing funds from transactions
- Multi-vector distributed denial of service attacks (DDoS) targeting corporate websites and on-line banking to compromise e-commerce. This is a serious threat to the ongoing strategic digital transformation.
- Cyber extorsion, in particular ransomware, ranging from encryption of personal computers to corporate servers.
- Third party solution provider failure
Cyber risk management pillars
Although there have been important issues during recent years, the financial services sector is probably one of the best industries managing cybersecurity. The key pillars for an efficient and effective cybersecurity risk management are:
- Strengthen cyber risk management by implementing three lines of defence, including risk identification and assessment, risk management and risk monitoring.
- Compliance with existing regulations including new privacy requirements like GDPR.
- Enhance cyber security execution through talent development, cyber awareness programs and consistent cyber protocols.
- Consider risk in the financial ecosystem including third parties.
- Monitor the continuously evolving threat landscape.
- Consider information sharing. The Financial Services Information and Sharing Centre (FS-ISAC) is an industry forum created specifically for the financial services industry to share regarding cybersecurity in their sector.
- Integrating cyber risk management into innovation.
As a result of all the new dynamics in the cyber risk landscape, the cyber insurance industry is evolving and growing.
Businesses across all sectors are beginning to recognise the importance of cyber insurance in today’s increasingly complex and high risk digital landscape and this is especially true in the financial services industry, currently involved in a critically important digital transformation journey.
Some reports forecasts that the global market is expected to surpass $3 billion in 2018 with strong growth till 2027.
North America has been the largest cyber insurance market share in the past but new regulations coming into effect in the European Union such as GDPR, might accelerate market growth in this region.
For more information with regards to Cyber Risk Management, please visit:
- Cyber Risk Infographics
- Other Cyber Risk Articles
- The @CSOFinder, our global search engine for Cybersecurity companies where you can easily find leading Cyber Risk & Cyber Insurance startups and established companies.