Can business leaders provide the assurances that clients and investors are routinely demanding?
In financial services, cyber security is no longer just an issue for IT people. Today, investors, financiers and HNWIs are highly aware of cyber security threats and want clear and robust reassurances that their money and personal data will be protected when they do business with financial services firms.
It’s not surprising that they’re concerned. Finance and insurance firms are the most likely of any sector to hold personal data about customers, according to the UK government’s 2022 Cyber Security Breaches Survey. The Financial Services Information Sharing and Analysis Center (FS-ISAC) lists three main cyber security challenges that it expects to evolve and dominate in 2022: third-party risk, zero-day vulnerabilities and ransomware groups.
Customers are aware of this – from consumers with current and mortgage accounts to individual investors with major portfolios. And, encouragingly, finance and insurance business directors are more likely to say that cyber security is a very high priority issue for them – 65% vs 38% for all businesses, according to the same 2022 Cyber Security Breaches Survey. But that still means that 35% of financial services directors do not regard cyber security as a very high priority issue. We say that needs to change.
Cloud infrastructure can present a new challenge in cyber security for financial services
The financial services sector is digitising rapidly, from high street banks to private equity and wealth management firms. Their clients want convenient, always-on access to account information and the ability to manage their finances from their mobiles. Delivering this means adopting new technologies and storing data in the cloud. Many forward-looking professional and financial services organisations are embracing cloud to access the advantages of agility and resilience and to deliver high quality customer experience.
We’ve observed that in some financial services organisations that are embracing rapid digital transformation, there’s not enough focus on cyber security. In the drive to innovate and compete, they risk losing control of their cyber security. Meanwhile, personal data and financial cybercrime offer big rewards to crooks, who are sophisticated, determined and highly knowledgeable. With new threats emerging daily and high awareness of the value of data on the dark web, no-one in financial services can afford to be complacent.
Financial services regulation for cyber security is increasing constantly
Financial services regulators are highly aware of cyber security risks and in many jurisdictions are increasing the burden of compliance to try to protect businesses and their clients more robustly. FinTech magazine’s Tilly Kenyon reported in March 2022, “From the US Securities and Exchange Commission to the European Central Bank to the Monetary Authority of Singapore, authorities have signalled they plan to increase cyber security compliance obligations such as mandating cyber risk and incident disclosures, shortening notification windows, and holding firms accountable for service providers’ cybersecurity measures.” While making compliance more onerous creates an added burden, financial services firms are well aware of their obligations in a highly regulated industry and will step up to meet them.
But for clients and consumers who are entrusting their money and data to financial services firms, is it enough to know their provider is compliant with current regulation? They want to deal with organisations that have a strong reputation for digital security, and that have not hit the headlines for all the wrong cyber security reasons.
So what can financial services firms do to reassure their clients? If they pull back from multi-channel services and accessible information, they’ll lose customers who expect an empowered and fully digitised experience from their financial provider, just as they expect it in every other area of modern life. Using the cloud to store data and host platforms and systems is also key to competitiveness, helping financial services firms to achieve efficiencies and manage costs as well as enhancing their responsiveness and allowing them to offer more sophisticated services and tailored communications through data integration and analysis.
A proactive approach to cyber security for financial services
The answer lies in maintaining the highest levels of investment, focus, awareness and accountability for cyber security all around the financial services business. From grassroots employee vigilance to specialist IT decision-making and due diligence, everyone has a responsibility to understand how their actions can maintain or compromise cyber security.
Policies for secure data handling, password protection and system access need to be enforced, not just documented. Cyber security must feature in employee inductions, regular staff training and as an item on the board agenda. Proactive communications to customers about security measures, training and investment can go a long way to reassure them that their tangible and intangible assets are being protected and treated with the greatest care.
If your financial services organisation has recently upgraded to cloud solutions and infrastructure or is embracing digital transformation and innovation for competitive advantage, take a hard look at your cyber security approach and measures. An assessment or audit by a specialist cyber security partner – one that has a track record of working in the financial services sector and is willing to get to know your organisation’s particular operation thoroughly – can help you establish your current position and highlight any weaknesses so you can address them urgently. Carry out ongoing, regular assessments after this so you can be sure your measures are keeping up with the increasing sophistication and audacity of cyber criminals.
Build cyber security into digitisation programmes from day one
If you’re planning or are in the process of digital transformation at any scale, make sure that cyber security is built into your programmes rather than added on at the end. If you’re using a managed services provider, they should be championing cyber security as an integral part of their work and should be relentless in keeping it high on your agenda.
No sector can afford to brush cyber security under the carpet in this day and age. But for financial services clients – large, small, wealthy or modest of means – it’s not just a technology topic, it’s a firmly established mainstream issue, because their money and data are at stake.
We believe that a strong track record in data and digital security is already one of the most important decision factors for investors, banking clients and HNWIs who are looking for a financial services or investment firm that they can trust with their assets. Being proactive about cyber security rather than waiting for the regulator to set the agenda will differentiate the best financial services firms from the rest.
Six Degrees is a leading provider of cyber security services. We deliver end-to-end cyber security services that protect organisations from the threats posed by malicious and accidental data breaches. Our holistic security solutions include compliance, governance, testing and offensive and defensive managed security services, and we enable our clients to implement robust security measures across all levels of their organisation. Please get in touch if we can help you with any aspect of cyber security in your financial services organisation, including an assessment of your current approach and measures and advice on strengthening your defences.
About the Author
Chris Cooper is Cyber Security Practice Director at Six Degrees. At Six Degrees, we’ve been helping organisations confront cyber security challenges for over 15 years. While cyber threats are always developing, our experience and industry presence are testament to our ability to stay ahead of emerging threats.