Other parts of this series:
In an increasingly digital world with ever-evolving customer expectations, financial services (FS) firms have been working relentlessly to build cyber resilience by focusing on strengthening their platforms.
A recent Accenture global survey of 2,000 security executives representing large enterprises from a dozen different industries (including 275 from the banking sector) revealed that roughly one in three cyber attacks succeeded, yet 75 per cent of the respondents indicated confidence in their cybersecurity efforts.
Part of the security challenge for FS firms is prioritizing where to focus resources effectively to protect the organization. A lot of cybersecurity work focuses on the platform and protecting from attacks, while a significant number of breaches are both caused and detected by employees. Here are some of the key findings from the Accenture Security Index:
- Only 70 per cent of breach attempts are discovered by security teams,
- 98 per cent of breaches not detected by the security team, were discovered by employees,
- 48 per cent of breaches that had greatest impact on company are internal,
- 52 per cent of security violation cases are caused by human behaviour.
Despite this explicit recognition of the impact of internal threats, the majority of respondents continue to focus on external security issues. For example, 58 per cent prioritise heightened capabilities in perimeter-based controls against outsiders instead of pivoting to address high-impact internal threats.
Where do these internal infiltrations come from? Unauthorised access, criminal or otherwise; mistakenly or deliberately corrupting or deleting data; falling prey to phishing; poor ISR adherence causing inception or loss of data; causing viruses or malware to enter systems are the main culprits.
It’s clear that focusing just on building bigger walls around digital platforms is no longer the only silver bullet to solving the cybersecurity problems of FS firms. The industry is already moving towards an ecosystem and platform economy – with the cloud, open banking, PSD2, etc. For success in cyber resilience, it’s time for leaders in FS to pay closer attention to the people element of data security breaches and create a “people and platform” approach to cybersecurity.
Making cybersecurity everyone’s job – from C-suite to frontline – is a necessity for survival for FS firms in the digital age. Starting at the frontline, the FS workforce needs to be cyber aware, deal with the right people and be on the lookout for unusual digital behaviour from the customer. Middle managers in FS should be prepared to spot corrupt employees, coach team members to be more cyber aware, and have the ability to lead their teams to deal with cyber crime. Last but most paramount, it’s up to the FS leadership to recruit the right talent, create the right learning environment, use analytics to measure effectiveness of cyber defences, and invest wisely.
Coming up next, we will take a closer look at how to build cybersecurity into people strategy and invest wisely to protect your FS organisation from cyber risk.
To learn more, register to download the report: Building Confidence: Solving Banking’s Cybersecurity Conundrum
In March, Accenture Security’s Sanjeev Shukla wrote an excellent blog series on how to bridge the cybersecurity perception gap: Cybercrime: Time for a New Approach.
We’ve also discussed security and privacy in relation to open change ecosystems at our Change Director Forum last month. Coming up in September, our People Innovation Forum, co-hosted with Peter Cheese from the CIPD, will address the latest on this topic, as well. If you are interested in participating, please contact firstname.lastname@example.org or email@example.com.