Banks lead the fight against cyber risk
Risk management is in banks’ DNA. They have some of the largest cyber-risk management teams and budgets around – and senior management is taking the threat seriously. But are the banks secure? Can they drive cybersecurity down the supply chain?
Most businesses understand the normal risks of competition, and an increasing number have sophisticated financial and operational risk management functions. A few may even be alive to the threat of industrial espionage.
Cyber-risk – or information security risk – is different. It arises from the hostile actions of human attackers bent on disabling or defrauding their targets. Few non-financial companies have had much experience of defending themselves against deliberate, intelligent and evolving threats. Banks of course have.
Unlike almost every other private-sector business, banks are used to being attacked. But, as one bank chief information security officer (CISO) puts it: “Banks have always been in the crosshairs. Yes, today it’s ransomware and digital attacks, but previously it was paper-based cheque and mortgage fraud and even guys with guns. So it’s baked into our DNA that we are a target.”