Banking Technology

Don’t delegate cyber risk management responsibility

  • Written by FinTech Futures
  • 4th March 2015

Craig Richardson is chief executive at the Wynyard Group

The responsibility of managing and overseeing the cyber-risk in an organisation must sit at an executive level, writes Craig Richardson

To be most effective, an organisation must have a person providing leadership and oversight in the strategic planning, execution, and assessment of security strategies, policies, procedures and guiding practices. Ensuring compliance with legal obligations in respect of information and information security is also a key responsibility.

The role of the chief information security officer (CISO) is becoming more common. Organisations that had previously not identified the need for a CISO need to re-evaluate this as a priority. It is also crucial that this role has independence from IT and has a direct reporting channel into the board. This position indicates the organisation is taking a formal approach to monitoring cyber threat risk with regular updates and board oversight.

Evaluate, assess and manage cyber risk

Cyber-attacks could cause severe disruption to a company’s business functions or operational supply chain, impact reputation, compromise customer information or result in loss of intellectual property.

From kids hacking video game downloads, to organised criminals targeting financial services organisations, state-sponsored theft of trade secrets, and terrorists targeting critical infrastructure, no company is immune to cyber-attacks.

Each organisation has a distinctive cyber-threat risk profile depending on the nature of the business, what information the industry deals with and how valuable that asset is to criminals.

It is important that the executive understands that assets need to be identified and valued, and then risk assessed against cyber-threats. It is also important that executives recognise that information is their most important and valuable asset.

Defining the risk strategy and levels of acceptable risk requires critical assets and the impact from cyber-attacks to be identified and the specific financial, competitive, reputational and regulatory risk exposure defined.

The key is to adopt a governance-led, information-driven approach to managing cyber-risk. The company needs to understand how threats are evolving, evaluate the degree of risk at any one time and set strategies for countering attacks.

Information-driven cyber intelligence allows companies to assess, manage and minimise the risks. By identifying and characterising cyber threats and assessing the vulnerability of critical assets and operations, companies can better identify ways to reduce those risks and strategically prioritise risk reduction measures.

They can plan clearly for the likelihood and consequences of specific types of attack, and so better manage and minimise the risk.

Early detection makes a key difference

The ability to detect an incident early in its lifecycle, and to assimilate that information into a dynamic risk model, is becoming a key differentiator for a modern business connected to the internet.

This means defenders of a network need to have an advantage, but that requires a deep understanding of your network and business:

– How it works
– What and where the key business assets are
– How the users interact with it and the outside world (the internet)
– How the business works

Organisations that take a strategic approach to cybersecurity spending can build a more effective cybersecurity practice, one that advances the ability to detect and quickly respond to incidents that are all but inevitable.

Include cyber-risk on the board agenda

Cyber-threat is one of the many areas of risk that should be overseen by the board of directors, but it is often misunderstood.

Directors are not expected to be experts in this area, so they rely upon management and external parties for information and advice. That said, this is not an excuse for complacency.

At a minimum, the board should have a high-level understanding of the company’s cyber-risks, the management of these risks and the company’s cyber incident response plan. Boards must be clear on the information they require to understand what is needed to make decisions.

Directors need to re-evaluate risks against the threat vector. Organisations that had previously completed risk assessments that minimised or discounted cyber-risk should revisit these assessments against current cyber-threat trends. Organisations need to accelerate this process and not wait for evidence of a breach; they need to pre-empt an inevitable breach investigation.

Directors should also understand how companies run their process for identifying and mitigating the most current risks. Management should also be able to explain to the board how it selects, manages and monitors third parties and their access to data.

As part of reporting, boards should be provided with meaningful, data-driven metrics that demonstrate both performance and effectiveness of a cyber-response plan. This means performance changes can be correlated with key events to gain an understanding about the impact of technology investments, headcount and policy decisions.

Summary

Companies must assess and manage cyber risk as they do other operational, reputational and financial business risks across their enterprise.

The first place to start is for executives and boards to get involved in cyber-risk management discussions, including an evaluation of your company’s specific cyber-risks and incident response plans.

To properly manage cyber risk, the CEO must fully understand the company’s cyber-risks, the company’s plan to manage these risks, and the company’s response plan when the inevitable breach occurs.
