Cybersecurity in a Digital World: Transforming Risk Management With an Eye to the 20/20s

Nowadays, it’s common knowledge that the financial services industry needs to digitise to survive; nevertheless, the scope and speed of digital transformation still leaves many an individual bewildered.

Cybersecurity in a digital worldArtificial intelligence is now starting to drive how firms operate, ranging from customer service to investment advice. Firms have started to use robotic process automation to automate tasks and processes previously performed by humans. Part and parcel of the digital transformation is blockchain, posing a significant threat to unprepared businesses with its capacity to store information on distributed ledgers without a central clearinghouse.

Previously limited to the domain of the IT professional, nowadays, a new collection of terms has become commonplace – instilling dread in the heart of many a financial services professional. In today’s digital domain, phishing, ransomware and DDoS attacks are unavoidable certainties. (In fact, in a world where rapid change is the only constant, increased digital risk is most likely one of few certainties.) By no means a comprehensive summary, it should become clear that robust cybersecurity is a non-negotiable for firms wanting to anticipate and pre-empt digital threats.

 

FROM SA TO THE U.K. AND FURTHER ABROAD: CYBER ATTACKS ON THE RISE

Following the past month, the rise of cyber-attacks is difficult to ignore.

In a recent issue of the Daily Maverick, Marelise van der Merwe cautions us to prepare for more, bigger and worse attacks – closer to home. Although the Cyber Crime and Cybersecurity Bill is currently before Parliament in South Africa, thousands of businesses are vulnerable in the interim. Van der Merwe warns to “brace yourself … as the same vulnerability that allowed WannaCry ramsomware to spread across the globe in May can still allow far greater havoc.” Although Africa was least affected by WannaCry when compared globally, the attack did hit most of South Africa’s major cities. Van der Merwe continues with a quick look at statistics, noting that South Africa was recently identified as the global leader in economic crime with 69% of companies affected; cybercrime is the fastest-growing economic crime, with a third of South African companies affected.

The U.K. reflects a similar trend, as reported on in U.K. news. Furthermore, similar reports can be seen on leading media channels. In March 2017, the topic was already caught in the crossfire, with an Africa expert warning that South African companies are highly vulnerable to cyber-attacks, and urging businesses to identify their weaknesses and take the necessary steps to protect their data and systems pre-emptively.

 

RELEVANCE TO BUSINESSES AND THE FINANCIAL SERVICES INDUSTRY

The PwC 20th CEO Survey holds valuable insights into how globalisation and technological transformation have impacted CEOs across the globe – completed by more than 1400 CEOs worldwide. As per the 20th CEO Survey, the gravity of cybersecurity becomes clear:

“Nearly two-thirds (62%) of global CEOs surveyed said that cyber threats are a going concern for their organisations’ growth prospects. This statistic places cyber threats among the top five threats on CEOs’ minds, only behind availability of key skills, volatile energy costs and changing consumer behaviour.”

Supporting this survey’s findings, other recent studies also emphasise the severity of cybersecurity challenges facing industry. The World Economic Forum Global Risks Report 2017 reports a “massive incident of data fraud/theft” as ranking among the top five global risks, supported by this year’s Global CEO Survey finding, suggesting that the speed of technological change was the fastest rising concern for global CEOs, up from 58% in 2016 to 70%, emphasising worries concerning digital risk and technological readiness.

 

The top threats that were identified are:

  • Cybersecurity breaches affecting business information;
  • Breaches of data privacy and ethics, and
  • Information technology outages and disruptions.

 

THE ROAD AHEAD: FOCUSING ON THE SOLUTION, NOT THE PROBLEM

“Cyber expectations are growing. Firms need to balance rapid innovation with the need to provide both seamless customer service and privacy protection”, says Joseph Nocera (PwC Financial Services Cybersecurity Leader).

For businesses, CEOs, providers and professionals across industries, cybersecurity is a tangible concern; however, it also holds noteworthy opportunity. As Joseph Nocera says, companies embracing and effectively managing the challenges associated to digital risk, could in turn gain a competitive edge.

 

To elaborate, listed below are various solutions to consider.

  1. First and foremost: business continuity plans must include cybercrime awareness.
  2. It is of crucial importance for business leaders to investigate and consider how human connection can be affected by technology. The reality is that it could become more difficult to keep clients / investors’ trust, as automated interactions lead to a decrease in human interaction. Business would be wise to perform an ongoing balancing act: gaining connectivity without losing trust.
  3. Companies exhibiting resilience will double their chances of survival; being able to bounce back from cyber-attacks will become a deciding factor and could also help companies reap significant economic rewards. While focusing on long-term success, resilient companies will develop strategies for business continuity, succession planning, strategic alignment and data analytics.

 

They will also align risk management with strategic planning; have well defined and automated security processes for information technology; and apply analytics to predict attacks and respond faster.

“Tomorrow’s successful states,” the U.S. National Intelligence Council’s Global Trends Report notes, “will probably be those that invest in infrastructure, knowledge, and relationships resilient to shock—whether economic, environmental, societal, or cyber.”

 

  1. Other measures to consider involve: integrating cybersecurity, anti-fraud, and anti-money laundering efforts. Companies will improve their ability to ward off threats by combining analytics from pooled data, strengthening their risk management environment, and implementing controls more effectively.
  2. Anticipating risks from third parties will be a crucial business strategy to adopt, as highlighted in PwCs CEO Survey. Companies will be wise to consider the potential for increased risks when outsourcing. A solution is to collaborate with third party vendors to make sure they take the right measures to protect company and end point user data.
  3. Lastely, the CEO Survey found that focusing on cybersecurity upfront will be decisive in speeding up innovation. When designing and developing new digital products and services, companies should integrate cybersecurity and privacy in its commencement stages.

 

CHANGE IS INEVITABLE; GROWTH IS OPTIONAL.

There’s no question about it: change is rapid. Emerging technology presents significant challenges to the financial services industry and businesses across industries; however, at the same time it holds exhilarating opportunities. A clear shift in generational values, resulting in changing needs, is being observed. For firms accepting the challenges head on, with a tenacious and resilient approach, this is a time of vast opportunity.

 

Craig Featherby

Chief Executive Officer

Carrick Wealth

Related Reading