Cyber crime is on the rise, as seen only recently when the computer virus Petya spread disruption to companies across the world, in the wake of the global WannaCry ransomware attack in May.
Financial institutions are particularly vulnerable to attacks. A recent report by Symantec found that banks and other financial firms in more than 30 countries were targeted in a spate of attacks in which USD81 million was stolen.
Disruptors such as blockchain, artificial intelligence and machine learning are becoming more prominent, but the industry still has a limited understanding of these technologies, and innovation often outpaces developments in cyber security.
The financial services industry traditionally relied on manual business processes, but as these become digitised and new technologies take root, firms must invest more in cyber security.
Laws and regulations on cyber crime lack the harmonisation and coherence to deter attacks at scale. Organisations that have been hacked are often punished for failing to meet the required standard of care, while the perpetrators escape justice.
Harmonised regulation is vital
Cyber threats are fast-moving and becoming increasingly sophisticated, and policy makers are determined to take action. The European Union, for instance, recently passed legislation to increase critical infrastructure capabilities to combat cyber crime through the Network Information Security Directive, which will come into effect in 2018. This applies to what policy makers refer to as ‘operators of essential services’, which includes financial firms.
However, if regulation is not harmonised, financial firms will have to implement different solutions in the different markets in which they operate, causing unnecessary complexity, risks and costs to the industry.
Global standards – such as those laid out by the US National Institute of Standards and Technology – though not necessarily required by regulation, are a good foundation for organisations to base their cyber security programmes on.
What we can do
Despite the rising threat, the financial industry is not helpless, and firms can do a lot to find solutions. Collaboration and business-wide education about cyber security are key.
There needs to be cultural change that embeds cyber security as every employee’s responsibility. Meanwhile, firms need to work with regulators to implement and contribute to best practices, and ensure their governance structure is fit for dealing with cyber risk, and that they employ the right information security professionals.
Cyber security is a significant threat, but through promotion of a healthy security culture, supported by the right tools, policies and procedures, financial institutions can strengthen their defence.