Thursday, August 30, 2018

Cybersecurity - Looking to the Banks for Guidance

The growing complexity and urgency of cybersecurity is prompting a good deal of strategic thinking in business. Companies have been responding as best they can, but they are often still searching for direction on an overall strategy for strengthening their security in cyberspace.

Banks have special demands put upon them and have special needs for good cybersecurity, so it makes sense to look to banks for guidance on what direction cybersecurity might or should take.

KPMG did this by discussing the major challenges facing their banking and financial clients in three major areas of the world - Asia, Europe and the US. The results were published in a white paper on the firm's website.

Some of the major issues raised were:
  1. Cybersecurity needs to be seen as a business issue and not just a technology one. Nothing new here, but it seems business is still struggling with this concept. Some are addressing this issue by creating a dedicated cybersecurity organization reporting directly to an Operational Risk group, thus enabling the business to own the issue.
  2. As with other industries, banks have experienced increased regulatory requirements, so regulatory risk has continued to grow as an area of concern. Since regulatory risk can draw attention away from other, more threatening areas of risk, increased regulation itself carries a risk: shifting companies' cybersecurity efforts away from the most serious threats and toward compliance.
  3. Banks have been integrating their activities on money laundering and fraud with other cyber controls, raising a prospect of more efficient and hopefully more effective controls.
  4. Increased tailored training of business, non-financial people on how cybersecurity incidents work - what they look like and what to watch for.
This brief white paper provides some interesting insights into the direction of cybersecurity controls and is worth a read.
