At DTCC, we conduct an annual Systemic Risk Barometer Survey, which serves as a pulse check to identify and monitor existing and emerging risks that may impact the safety, resiliency and stability of the global financial system. The most recent report focused on the 2022 outlook and found that cybersecurity risk is the top concern for risk managers at financial services firms. In fact, of the 200+ operations and risk professionals who responded to the survey, 59% named cybersecurity risk among their top five concerns, with 24% of respondents calling it the top risk for the global financial system this year.
Risk managers attribute this growing concern to a number of areas, including but not limited to the rise of cyberattacks during the pandemic, ongoing geopolitical tensions around the world, the growing interconnectedness of individual players and their providers, and the introduction of new and emerging technologies which can introduce risks.
In the face of this complex landscape, there are three main areas where risk managers should focus to continue to evolve their preparedness and response to cyber threats. These include ensuring continued regulatory and industry engagement and collaboration, focusing on the evolution of cybersecurity best practices around response and recovery, and ensuring the adoption of fintech is done safely and with the same, if not better, risk management capabilities.
1. Engaging with Regulators and the Industry
It is imperative to participate in global discussions with policymakers and industry stakeholders around the evolving nature of cybersecurity. With new challenges and opportunities facing our industry — including the evolution of digital currencies, climate change risks and the impacts of trade tensions on both economic conditions and the cyberspace environment — it is crucial that we regularly come together to address the ways that these changes could impact the resilience of our financial system, now and in the future. For example, the Cyber Risk Institute (CRI) is working with the industry to develop the Financial Services Profile (‘Profile’). The Profile aligns cybersecurity supervisory requirements with industry-accepted cyber frameworks to make it easier for firms to demonstrate compliance. Sharing best practices, developing common principles, gaining greater insights around current threats, and achieving greater regulatory coordination around cybersecurity guidance can drive greater improvements to the industry’s preparedness for cyber threats.
2. Enhancing Cybersecurity Best Practices
The pandemic accelerated new work structures and changed how we engage with colleagues, clients, and partners. Now is the time to ensure that firms are well prepared to accommodate a potentially permanent hybrid work model while providing the same, if not better, risk management practices than before the pandemic. Every day, cyberattackers are trying to access firms’ systems and infrastructure. As we continue to navigate this changing landscape, cybersecurity and risk professionals must consider what longer-term cybersecurity practices should look like with a permanently distributed workforce while ensuring that any solutions that were introduced during the pandemic are ready to support the organization for the foreseeable future. For example, firms should increase their vigilance in identifying and patching security vulnerabilities within their externally facing environment, given the number of employees that now rely on this infrastructure for their daily activities. Additionally, firms may want to consider using strong or multifactor authentication for their critical applications.
3. Implementing New and Emerging Fintech Safely
Firms must also assess how the adoption of new and emerging technology could impact their risk management posture, especially in critical business areas. Ultimately, firms across financial services must be able to manage innovation in a way that protects the safety and resilience of the industry as a whole. As firms consider new technology, frameworks must be created to enhance how risk is monitored, all while calculating the potential systemic implications of new technologies and their impact on interconnectedness risk. While new and emerging fintech offers great potential across the industry, firms must approach any implementation with eyes wide open to potential risks.
Cybersecurity professionals remain focused on predicting cyber threats and devising defenses to keep systems secure and, in the event of an incursion, ensure resilience to resume services quickly. As cybersecurity threats grow, firms must continue to evolve their risk management approach, building upon the successful methods of the past and identifying new ways to bolster their defense and recovery strategies for the future.
A holistic approach, including industry and regulatory collaboration and information sharing, a continued focus on the evolution of cyber best practices, and a well-researched approach to the adoption of new and emerging fintech, will be vital to continuing to protect and safeguard the industry.