Banks lead the fight against cyber risk
Risk management is in banks’ DNA. They have some of the largest cyber-risk management teams and budgets around – and senior management is taking the threat seriously. But are the banks secure? Can they drive cybersecurity down the supply chain?
Most businesses understand the normal risks of competition, and an increasing number have sophisticated financial and operational risk management functions. A few may even be alive to the threat of industrial espionage.
Cyber-risk – or information security risk – is different. It arises from the hostile actions of human attackers bent on disabling or defrauding their targets. Few non-financial companies have had much experience of defending themselves against deliberate, intelligent and evolving threats. Banks, of course, have.
Unlike almost every other private-sector business, banks are used to being attacked. But, as one bank chief information security officer (CISO) puts it: “Banks have always been in the crosshairs. Yes, today it’s ransomware and digital attacks, but previously it was paper-based cheque and mortgage fraud and even guys with guns. So it’s baked into our DNA that we are a target.”
However, as the former CISO for corporate functions and trading at a large oil company, shortly to be found at one of the big four UK clearers, points out: “One difference between the cyberworld and the physical world is that the cyberworld evolves 1,000 times faster – so the time in which you have to understand and keep up with the threats is tiny compared to other operational risks.