Top 4 Cybersecurity Headaches Plaguing Financial Services Institutions


Introduction

Most Financial Services Institutions (FSIs) have digital technology at their core. And a primary responsibility for most FSIs is to “cyber-connect” customers – be they organizations or individuals – with their money simply and seamlessly.

FSIs need to counterbalance these speedy, frictionless transactional experiences against the thousand-pound gorilla in the room, a.k.a. cybersecurity risk.

This Deloitte article in the Wall Street Journal distills the problem well: “Amid the massive technological transformation now underway in financial services, companies are being asked to become more agile and provide a frictionless customer experience. They must also grapple with the need to reduce costs while complying with complex regulations and managing an increasingly global workforce.”

In other words, make your services super secure and super slick. Maybe that’s why the financial services industry is predicted to face cybercrime costs of £1.5bn during 2017? Or why this industry remains the biggest spender when it comes to cybersecurity?

So, let’s take a look at some of the top cybersecurity headaches plaguing FSIs right now.

1. Compliance Pressure From Regulatory Bodies

Not only are new regulations, such as GDPR, coming to the fore, but existing regulatory bodies, like PCI DSS, are tightening their requirements, placing additional pressure on organizations to reassess their cybersecurity posture in line with these new requirements.

A known frustration, however, is that various regulatory bodies have conflicting requirements, intensifying a cybersecurity headache to a proper migraine.

2. Increased Risk From Third-Party Business Partners

Of course, the importance of choosing your business partners continues to be key. In short, their cybersecurity vulnerabilities are your cybersecurity headaches.

Legacy contracts need reviewing, and clear delineation of responsibilities is key. Additionally, the new GDPR regulation, which impacts companies around the world that collate and process personal information of EU data subjects, clearly shares the blame between controllers and processors, so “clever” contracts designed to shield organizations from legal responsibilities may lose efficacy.

3. Threat Landscape Complexity

This is the one you were all expecting to show up on the list, and you would be right. Defending against the onslaught of vicious malware strains and unauthorized access via one of the hundreds of access points into a network is a complex balancing act. Availability for authorized users cannot be compromised, even as the bad stuff is kept at bay.

4. The March of IoT

With new devices and technology being connected to the internet, the importance of baking in cybersecurity from the get-go is key. This difficult, costly exercise is often insufficiently considered by developers at the early stages.

Managing the plethora of devices accessing FSI services, from payment systems to websites and applications, and ensuring they cannot compromise the system remains a key focus for cybersecurity leaders in the financial industry.

Acknowledgments

We would like to thank Kevin Gorsline for providing insight and expertise that greatly assisted this research.

Kevin Gorsline is a Managing Director in J.S. Held's Global Investigations Practice who joined following J.S. Held's acquisition of TBG Security. For several years, Kevin served as the Chief Operating Officer and head of the Risk and Compliance practice at TBG Security, where he was responsible for providing the leadership, management, and vision necessary to ensure that the company had the proper operational controls, administrative and reporting procedures, and people systems in place to effectively grow the organization and to ensure financial strength and operating efficiency. His experience and leadership throughout his career have been focused on developing and delivering information security services and solutions, providing outstanding client service, and driving profitable revenue growth. Kevin brings established proficiency as an IT leader with extensive experience in risk and compliance services, applications development, and implementation projects both in the United States and abroad.

Kevin can be reached at [email protected] or +1 843 890 8596.


This publication is for educational and general information purposes only. It may contain errors and is provided as is. It is not intended as specific advice, legal, or otherwise. Opinions and views are not necessarily those of J.S. Held or its affiliates and it should not be presumed that J.S. Held subscribes to any particular method, interpretation, or analysis merely because it appears in this publication. We disclaim any representation and/or warranty regarding the accuracy, timeliness, quality, or applicability of any of the contents. You should not act, or fail to act, in reliance on this publication and we disclaim all liability in respect to such actions or failure to act. We assume no responsibility for information contained in this publication and disclaim all liability and damages in respect to such information. This publication is not a substitute for competent legal advice. The content herein may be updated or otherwise modified without notice.
