Threat landscape

Customer trust

Cost optimization

Regulation

Digital security

Third party

Key questions to consider:

What am I trying to protect my business and critical assets from?

How do I continuously monitor exposure to cyber threats?

Financial services organizations that proactively navigate the evolving threat landscape can position themselves for growth. Key themes in the threat landscape conversation include:

  • Adoption of emerging technology: Organizations are increasingly moving away from their legacy systems to the cloud, and as a result their cyber teams are deploying artificial intelligence and biometric security. A move to the cloud can radically alter the threat landscape organizations face, and they need to ensure they work closely with their security teams to minimize the associated risks.
  • Operational resilience: Organizations are strengthening their digital resilience to cyber security risks – this includes reviewing the resiliency approach taken for their people, supply chain management, property and information technology. Resilience considerations are critical, especially with the increasing demands of restructuring initiatives, navigating Brexit and other geopolitical factors. As a result, ensuring seamless connectivity across security functions is vital for increasing an organization’s resilience in the face of cyber risks.
  • Evolving attack trends: Cyber criminals (both within and external to the organization) have recently started to use corporate networks to mine cryptocurrency. This requires organizations to mature their network management and monitoring capabilities to prevent and detect such activity.

Key questions to consider:

How do I manage my customers’ expectations on cyber security?

If my competitors are ahead of me, does this give them an advantage?

Organizations must consider trust and safety when analyzing their business security functions and protecting the needs of their customers. Building a trust agenda that is integrated throughout the customer journey is critical in every organization and can be achieved through:

  • Education: There has been a significant increase in customer education around cyber risk, through messaging campaigns and user tools. This has been incorporated as a differentiator into market messaging.
  • Authentication: Financial institutions, for example, are investing in two-factor authentication and biometric security to implement customer identity and access management solutions. This reduces risk and complexity and enables a frictionless customer experience.
  • Data privacy: Customer data is becoming pivotal in enabling a differentiated experience but privacy questions remain unaddressed. Customers respond positively to personalization but remain uncomfortable with both the quantity of data collected and the way in which the collection occurs.

Key questions to consider:

How much should I spend annually on cyber security?

What is the balance between capability maintenance and capability investment?

How does our cyber spend compare with competitors?

The number of security tools available to organizations has grown significantly. Organizations are tasked with implementing the right tools and connecting them flawlessly and consistently through every layer of the business. They can navigate this complex process by investing in intelligent and agile high-end solutions to produce process excellence across all control functions, thereby increasing cost efficiencies and driving business value and market agility.

Key questions to consider:

Who on the board owns cyber risk?

What are the key metrics of focus for cyber security within financial organizations?

How do I ensure compliance with complex regulatory requirements?

What should be the key business processes and information assets critical to maintaining the core business operation?

Globally, regulators are focused on two areas with cyber security relevance:

  • Customer harm: A trending area of potential customer harm, which regulators aim to prevent, is customer privacy and the risk of mishandled personal data from banking products and services. Concerns around privacy compliance and data protection are also driven by the European Union’s enforcement of the General Data Protection Regulation (GDPR). A strong focus on maximizing the value of customer data while proactively managing customer trust is key to implementing a privacy transformation throughout the organization.
  • Resilience: Regulators seek to limit the systemic risk that banking institutions pose to the market through potential areas of weakness, including people, supply chains, property and information technology. Their two approaches include challenging banks to explain how they will continue to operate if their business operations and systems are not upgraded, and ensuring organizations are comfortable in defining their reduced business operations and minimum viable products.

Key questions to consider:

What are the right cyber security considerations when developing our digital strategy?

How well integrated are our digital security tools? Do they link into our fraud monitoring tools and anti-money laundering tools?

Organizations are becoming increasingly digitized as they compete with new technology-enabled entrants (including virtual banks). This significantly increases the pace of digital transformation, requiring an acceleration in digital risk management. Within the digital bank, organizations are experimenting with self-learning and self-defending solutions to maintain pace with the evolving technological landscape. There is also a focus on enabling seamless security experiences across multiple customer channels (e.g. mobile, web, ATM, branch).

Key questions to consider:

How do I build a comfort level with third party risk?

How can I identify which of our supply chain partners could put us at risk?

Third parties remain a perennial concern in the organization, with boards acknowledging that they represent a key vulnerability in any system. There is increased awareness and interest in exploring real-time supply chain monitoring tools, and more organizations recognize that third party risk cannot adequately be mitigated by annual third party reviews. Developing and implementing a third party risk management approach, including governance and operating models, the role of the three lines of defense, and technology tools, is important for protection and innovation within banks.