Banks and other financial services firms need to recognize the threats of cyber risk in a different way. Many have put in place thick walls to protect themselves. But firms cannot be protected at all times from a cyber-related incident. So putting in place structures, technologies and processes to ensure resilience—or fast recovery—is as much or more important than simply putting more locks on the doors or building stronger walls. See www.accenture.com/CyberRisk for more.
Financial services organizations need to recognize the threats of cyber risk in a different way. Many have put in place thick walls to protect themselves. But the threats from a cyber event perspective are becoming more prolific. So although the walls are in place, the threats or activities to commit fraud or attack a firm are expanding. Organizations cannot protect themselves at all times from a cyber-related incident. So putting in place structures, technologies and processes to ensure resilience—or fast recovery—is as much or more important than simply putting more locks on the doors or building stronger walls.
Historical Methods Linear or Horizontal Approach is not working – This is Network or matrix problem of technology, process and people Large Institutions lack the facts and processes to make and implement effective decisions about cyber resilience Large institutions do not systematically understand which information assets need to be protected, who are their attackers, what is their appetite or which is the most effective set of defense mechanisms Companies that spend more on cyber resiliency do not necessarily manage cyber resilience risk in a more mature way
New Paradigm It is not possible to isolate the risk. The common notion of security implies isolation and it is impossible to draw a clear ring around cyber resilience. Weakest links are often customers and employees and third parties Not just a technology problem, but rather a technology, process and people problem Cyber risk does not respect your organizational structure i.e. the operating model for identifying, measuring and managing the risk does not match how firms are being attached. Firm that invest in and develop cyber capabilities to instill trust in customers, the public and its investors will have an competitive edge in the digital era
Improve Communicate with senior management about the risk organizations impact on the overall Cyber Risk Profile Demonstrate the value of current and future Cyber/IT management activities Improve capital management and profitability by putting Cyber/IT related capital to better use Enable all the stakeholders to understand the contribution risk management makes to the firm and to understand the value of controls Identify the outcomes by which we can assess effectiveness of program and controls
Option 0 – Do nothing, embedded with IT Option 1- How compliance is organized, dec
COBIT: Control Objectives for Information and Related Technology. COBIT® is
a trademark of ISACA® registered in the United States and other countries.
ISA: Information Society of Automation
ISO: International Organization for Standardization
IEC: International Electrotechnical Commission
NIST: National Institute of Standards and Technology
How to Make your Enterprise Cyber
This presentation is intended for general informational purposes only and does not take into
account the reader’s specific circumstances, and may not reflect the most current
developments. Accenture disclaims, to the fullest extent permitted by applicable law, any
and all liability for the accuracy and completeness of the information in this presentation and
for any acts or omissions made based on such information. Accenture does not provide
legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice
from their own legal counsel or other licensed professionals.
Accenture is a global management consulting, technology services and outsourcing
company, with more than 358,000 people serving clients in more than 120 countries.
Combining unparalleled experience, comprehensive capabilities across all industries and
business functions, and extensive research on the world’s most successful companies,
Accenture collaborates with clients to help them become high-performance businesses and
governments. The company generated net revenues of US$31.0 billion for the fiscal year
ended Aug. 31, 2015. Its home page is www.accenture.com.
Accenture, its logo, and High Performance Delivered are trademarks of Accenture.
Learn more about cyber risk and resilience: