How to make your enterprise cyber resilient
Copyright © 2015 Accenture All rights reserved.
For more information, please visit: www.accenture.com/riskstudy2015

Cyber & IT Security Risk in Financial Services
According to respondents from the 2015 Global Risk Research Study, Cyber Risks are set to rise and are high priority on the CRO agenda
• 74% of insurance respondents expect cyber and IT risks to become more severe
• 65% of Banking respondents expect cyber risk to become more severe
• 58% of capital markets respondents expect an increase in the severity of cyber risks

What is Cyber Risk?
Cyber Risk can manifest itself across several dimensions, making it difficult to detect, measure, and control
Reputational Risk
• Loss of Trust (internal and external)
• Brand Damage / Loss of Intangible Value
• Time intensive / costly to repair
• Need to embrace Digital
Technology and Operational Risk
• Failure of infrastructure, processes or systems
• Inability to operate/Run the business
• Requires regular planning and oversight
• Importance of effective and current controls
Fraud and Financial Crime
• Lost revenue and profit – high cost
• High velocity and high frequency/relentless
• Need to stay close to regulatory agenda
• Requires both business and technology solutions
Sources of Cyber Risk
• Hacktivism
• Hacker / Lone Wolf
• Nation State Attacks
• Insider Data Leakage
• Social Engineering
Internal Origins of Cyber Risk
• Digital Banking Services
• Payments
• Electronic Trading
• Third Parties
• Technology Infrastructure

Protecting Against the Cyber Threat is not a New Problem
Cyber resilience is a continual challenge due to the exponential rate at which people, processes and organization are connected digitally
Historical Methods
• Linear or horizontal approach is not working
• Large Institutions lack the facts and processes
• Challenge to understand what information needs to be protected and the most effective set of defense mechanisms
• Companies that spend more on cyber resiliency do not necessarily manage cyber resilience risk in a more mature way
New Paradigm
• It’s not possible to isolate the risk
• Cyber risk does not respect your organizational structure
• It’s not just a technology problem, but rather a technology, process and people problem
• Firms that invest in and develop cyber capabilities to instill trust will have a competitive edge in the digital era

Resilience
The ability to operate the business processes in normal and adverse scenarios without adverse outcomes
Resilient businesses have:
• Secure processes and systems
• Strong controls
• A strong risk culture
• Digitized/Automated processes
Resilience Prevents:
• Downtime/Loss of service
• Theft/Fraud
• Loss of data
• Impact to reputation/brand

A Comprehensive Approach helps Protect the Full Breadth of Entry Points and Operations which Underpin Financial Services Organizations
[Diagram: cycle of Detect, Identify, Respond, Prevent]
• Detection and Identification – Tools and metrics to identify and log aspects to manage operations
• Operational Monitoring – Aligning the tools to identify and detect threats along with their escalation and oversight
• Event Response Plan – Structure to identify and manage action plans
• Business and IT Controls – Oversight of the controls and their testing programs and how to leverage COBIT®, ISA, ISO/IEC, NIST* controls
• Operating Model – Specifying the structure with people, organization, roles, tools and processes to govern.
• Crisis Management – Structure to manage incidents and notify impacted parties
• Risk Events – Scenarios which can impact the organization specific to Cyber threats
• Risk Identification – Aggregated set of typical risk associated with Cyber Risk
Questions the approach answers:
• How do we respond?
• What is the impact?
• How do we organize?
• How do we monitor?

Measurement with a Purpose
Observations and Hypotheses
People
• Customers
• Employees
• Partner/Third Parties
Process
• Business Process
• Support Process
• Other Process
Technology
• Software
• Configurations
• Access Management
1. Without the right metrics, Cyber Risk could become diluted and misaligned to business value
2. Historical key performance indicators (KPIs) may not provide insights
3. Board-level reporting has no clear standards and could be out of sync with the real threats
4. Techniques to model the scenarios, risk events and residual risk across the firm are not focused on cyber threats

Measurement with a Purpose
Common categories to consider for Cyber Risk Reporting
1. Board-Level Reporting
2. IT Risks
3. Operational
4. Advanced Analytics
[Diagram labels: Infrastructure; Third Parties; Software; Internal; Employee Training; Data Loss Prevention; Employee Monitoring; External; Vulnerabilities; Surveillance; Funding; Risk/Reward Decisions; IT Operations; Fraud; Target Residual Risk; Access Management; Physical Security; High Crimes and Investigation. Legend: New Focus; Renewed focus]

Cyber Risk Operating Models
An operating model helps define the organization’s accountability for doing the work, supporting the right decisions and measuring effectiveness
• Option 0 – IT Centric: Embed the first line of defense within technology organization. Create a centralized office with technology control officers across business lines which just focus upon IT.
• Option 1 – Dedicated Function: Centralize an entire department as 2nd line of defense with examinations across the lines of business. Build highly specialized team and track similar to compliance function.
• Option 2 – Cyber Czar: Policy setting organization and influencer similar to data and privacy. Develop risk frameworks around IT, Data integrity, and operations and run as 2nd line of defense.
• Option 3 – Risk Led: Create an enterprise-wide risk function dedicated to identify, measure and respond to threats.

Operating Model Analysis
Each option should consider the tradeoffs with the firm’s ability to Prevent and Detect Threats
[Chart: Efficiency against Ability to Prevent and Detect Threats, axes Low to High, plotting Option 0 – IT Centric, Option 1 – Dedicated Function, Option 2 – Cyber Czar and Option 3 – Risk Led]
[Chart: Value to Customer against Ability to Prevent and Detect Threats, axes Low to High, plotting the same four options]
[Chart: Speed to Execute against Ability to Prevent and Detect Threats, axes Low to High, plotting the same four options]

The Top 5 Priorities to Get Right
Cyber Risk does not fit neatly into a single organization node to then be managed and mitigated effectively
1. Training and Risk Culture – Taking your unique organization and infusing the right cyber risk behaviors
2. Controls – Where are the weak points – build robust set of controls across operations, business and IT
3. Measurement with a Purpose – What is going on without you knowing it – creating metrics which help expose the risks
4. Operating Model – How do you work with the rest of the organization – assigning clear lines of accountability and ownership
5. Resilience – At some point it will go wrong, how do you get the best outcome from the worst situation?

Holistic Capabilities to help Deliver Resilient Solutions
• More institutions are focusing on a better way to address the challenges of cyber risk, but few have mastered it
• A risk-based approach helps to set priorities, establish a risk appetite (and a budget) and bring order and priority in place of reaction
• Establish effective controls for people, process and technology to facilitate effective surveillance and improved incident response to deliver resilient solutions

Glossary
COBIT: Control Objectives for Information and Related Technology. COBIT® is a trademark of ISACA® registered in the United States and other countries.
ISA: Information Society of Automation
ISO: International Organization for Standardization
IEC: International Electrotechnical Commission
NIST: National Institute of Standards and Technology

How to Make your Enterprise Cyber Resilient
Learn more about cyber risk and resilience: www.accenture.com/CyberRisk

Disclaimer:
This presentation is intended for general informational purposes only and does not take into account the reader’s specific circumstances, and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this presentation and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals.

About Accenture
Accenture is a global management consulting, technology services and outsourcing company, with more than 358,000 people serving clients in more than 120 countries. Combining unparalleled experience, comprehensive capabilities across all industries and business functions, and extensive research on the world’s most successful companies, Accenture collaborates with clients to help them become high-performance businesses and governments. The company generated net revenues of US$31.0 billion for the fiscal year ended Aug. 31, 2015. Its home page is www.accenture.com.
Accenture, its logo, and High Performance Delivered are trademarks of Accenture.

More Related Content

Viewers also liked

Viewers also liked (16)

The cyber resilient enterprise
The cyber resilient enterpriseThe cyber resilient enterprise
The cyber resilient enterprise
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Push to Pull: From Supply Chains to Patient-Centric Value Networks
Push to Pull: From Supply Chains  to Patient-Centric Value NetworksPush to Pull: From Supply Chains  to Patient-Centric Value Networks
Push to Pull: From Supply Chains to Patient-Centric Value Networks
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
 
Mastering Chemical Industry Disruption: Megatrends That Matter
Mastering Chemical Industry Disruption: Megatrends That MatterMastering Chemical Industry Disruption: Megatrends That Matter
Mastering Chemical Industry Disruption: Megatrends That Matter
 
The Challenge of Wi-Fi: Providing a Consistent Customer Experience over Unlic...
The Challenge of Wi-Fi: Providing a Consistent Customer Experience over Unlic...The Challenge of Wi-Fi: Providing a Consistent Customer Experience over Unlic...
The Challenge of Wi-Fi: Providing a Consistent Customer Experience over Unlic...
 
Patient-Centric Care in the Pharmaceutical Industry
Patient-Centric Care in the Pharmaceutical IndustryPatient-Centric Care in the Pharmaceutical Industry
Patient-Centric Care in the Pharmaceutical Industry
 
The Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to LeaderThe Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to Leader
 
Navigating the Crude Cycle: 10 Strategic Actions for oilfield service and equ...
Navigating the Crude Cycle: 10 Strategic Actions for oilfield service and equ...Navigating the Crude Cycle: 10 Strategic Actions for oilfield service and equ...
Navigating the Crude Cycle: 10 Strategic Actions for oilfield service and equ...
 
Accenture 2015 Global Risk Management Study: North American Banking Report Ke...
Accenture 2015 Global Risk Management Study: North American Banking Report Ke...Accenture 2015 Global Risk Management Study: North American Banking Report Ke...
Accenture 2015 Global Risk Management Study: North American Banking Report Ke...
 
Mastering Chemical Industry Disruption: The Race is On
Mastering Chemical Industry Disruption: The Race is OnMastering Chemical Industry Disruption: The Race is On
Mastering Chemical Industry Disruption: The Race is On
 
A new era for the chemicals industry: Cloud computing changes the game
A new era for the chemicals industry: Cloud computing changes the gameA new era for the chemicals industry: Cloud computing changes the game
A new era for the chemicals industry: Cloud computing changes the game
 
Cyber resilient infrastructure infographic
Cyber resilient infrastructure infographicCyber resilient infrastructure infographic
Cyber resilient infrastructure infographic
 
Accenture Spend Trends Report Q3 2014
Accenture Spend Trends Report Q3 2014Accenture Spend Trends Report Q3 2014
Accenture Spend Trends Report Q3 2014
 
Accenture Spend Trends Report Q1 2015
Accenture Spend Trends Report Q1 2015Accenture Spend Trends Report Q1 2015
Accenture Spend Trends Report Q1 2015
 
Connected Commerce Hits the Road
Connected Commerce Hits the RoadConnected Commerce Hits the Road
Connected Commerce Hits the Road
 

More from accenture

More from accenture (20)

The Industrialist: Trends & Innovations - January 2024
The Industrialist: Trends & Innovations - January 2024The Industrialist: Trends & Innovations - January 2024
The Industrialist: Trends & Innovations - January 2024
 
The Industrialist: Trends & Innovations - September 2023
The Industrialist: Trends & Innovations - September 2023The Industrialist: Trends & Innovations - September 2023
The Industrialist: Trends & Innovations - September 2023
 
Accenture Technology Vision - How the trends apply to higher education
Accenture Technology Vision - How the trends apply to higher education Accenture Technology Vision - How the trends apply to higher education
Accenture Technology Vision - How the trends apply to higher education
 
The Industrialist: Trends & Innovations - July 2023
The Industrialist: Trends & Innovations - July 2023The Industrialist: Trends & Innovations - July 2023
The Industrialist: Trends & Innovations - July 2023
 
Accenture Technology Vision - How the trends apply to higher education
Accenture Technology Vision - How the trends apply to higher education Accenture Technology Vision - How the trends apply to higher education
Accenture Technology Vision - How the trends apply to higher education
 
Engineering Services: con gli ingegneri per creare valore sostenibile
Engineering Services: con gli ingegneri per creare valore sostenibileEngineering Services: con gli ingegneri per creare valore sostenibile
Engineering Services: con gli ingegneri per creare valore sostenibile
 
Digital Euro: Implications for the Financial System
Digital Euro: Implications for the Financial SystemDigital Euro: Implications for the Financial System
Digital Euro: Implications for the Financial System
 
More deals, less money: the Black founder funding journey
More deals, less money: the Black founder funding journeyMore deals, less money: the Black founder funding journey
More deals, less money: the Black founder funding journey
 
The Industrialist: Trends & Innovations - June 2023
The Industrialist: Trends & Innovations - June 2023The Industrialist: Trends & Innovations - June 2023
The Industrialist: Trends & Innovations - June 2023
 
Reinventing Enterprise Operations
Reinventing Enterprise OperationsReinventing Enterprise Operations
Reinventing Enterprise Operations
 
Semiconductor Gender Parity Study
Semiconductor Gender Parity StudySemiconductor Gender Parity Study
Semiconductor Gender Parity Study
 
The Industrialist: Trends & Innovations - March 2023
The Industrialist: Trends & Innovations - March 2023The Industrialist: Trends & Innovations - March 2023
The Industrialist: Trends & Innovations - March 2023
 
Nonprofit reinvention in a time of unprecedented change
 Nonprofit reinvention in a time of unprecedented change Nonprofit reinvention in a time of unprecedented change
Nonprofit reinvention in a time of unprecedented change
 
Free to be 100% me
Free to be 100% meFree to be 100% me
Free to be 100% me
 
The Industrialist: Trends & Innovations - February 2023
The Industrialist: Trends & Innovations - February 2023The Industrialist: Trends & Innovations - February 2023
The Industrialist: Trends & Innovations - February 2023
 
Mundo gamer e a oportunidade de entrada pela abordagem do movimento
Mundo gamer e a oportunidade de entrada pela abordagem do movimentoMundo gamer e a oportunidade de entrada pela abordagem do movimento
Mundo gamer e a oportunidade de entrada pela abordagem do movimento
 
Pathways to Profitability for the Communications Industry
Pathways to Profitability for the Communications IndustryPathways to Profitability for the Communications Industry
Pathways to Profitability for the Communications Industry
 
The Industrialist: Trends & Innovations - January 2023
The Industrialist: Trends & Innovations - January 2023The Industrialist: Trends & Innovations - January 2023
The Industrialist: Trends & Innovations - January 2023
 
Reimagining the Agenda | Accenture
Reimagining the Agenda | AccentureReimagining the Agenda | Accenture
Reimagining the Agenda | Accenture
 
Climate Leadership Eleventh Hour | Accenture
Climate Leadership Eleventh Hour | AccentureClimate Leadership Eleventh Hour | Accenture
Climate Leadership Eleventh Hour | Accenture
 

Recently uploaded

一比一原版(USYD毕业证书)悉尼大学毕业证原件一模一样
一比一原版(USYD毕业证书)悉尼大学毕业证原件一模一样一比一原版(USYD毕业证书)悉尼大学毕业证原件一模一样
一比一原版(USYD毕业证书)悉尼大学毕业证原件一模一样
AS
 
What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...
srcw2322l101
 
Future of Trade 2024 - Decoupled and Reconfigured - Snapshot Report
Future of Trade 2024 - Decoupled and Reconfigured - Snapshot ReportFuture of Trade 2024 - Decoupled and Reconfigured - Snapshot Report
Future of Trade 2024 - Decoupled and Reconfigured - Snapshot Report
Dubai Multi Commodity Centre
 
Presentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelledPresentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelled
CaitlinCummins3
 
Powerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metricsPowerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metrics
CaitlinCummins3
 
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
nafizanafzal
 
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
Khaled Al Awadi
 

Recently uploaded (20)

WAM Corporate Presentation May 2024_w.pdf
WAM Corporate Presentation May 2024_w.pdfWAM Corporate Presentation May 2024_w.pdf
WAM Corporate Presentation May 2024_w.pdf
 
How to refresh to be fit for the future world
How to refresh to be fit for the future worldHow to refresh to be fit for the future world
How to refresh to be fit for the future world
 
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdfInnomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
 
Goal Presentation_NEW EMPLOYEE_NETAPS FOUNDATION.pptx
Goal Presentation_NEW EMPLOYEE_NETAPS FOUNDATION.pptxGoal Presentation_NEW EMPLOYEE_NETAPS FOUNDATION.pptx
Goal Presentation_NEW EMPLOYEE_NETAPS FOUNDATION.pptx
 
一比一原版(USYD毕业证书)悉尼大学毕业证原件一模一样
一比一原版(USYD毕业证书)悉尼大学毕业证原件一模一样一比一原版(USYD毕业证书)悉尼大学毕业证原件一模一样
一比一原版(USYD毕业证书)悉尼大学毕业证原件一模一样
 
What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...
 
Future of Trade 2024 - Decoupled and Reconfigured - Snapshot Report
Future of Trade 2024 - Decoupled and Reconfigured - Snapshot ReportFuture of Trade 2024 - Decoupled and Reconfigured - Snapshot Report
Future of Trade 2024 - Decoupled and Reconfigured - Snapshot Report
 
MichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdfMichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdf
 
Presentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelledPresentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelled
 
How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...
How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...
How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...
 
The Art of Decision-Making: Navigating Complexity and Uncertainty
The Art of Decision-Making: Navigating Complexity and UncertaintyThe Art of Decision-Making: Navigating Complexity and Uncertainty
The Art of Decision-Making: Navigating Complexity and Uncertainty
 
First Time Home Buyer's Guide - KM Realty Group LLC
First Time Home Buyer's Guide - KM Realty Group LLCFirst Time Home Buyer's Guide - KM Realty Group LLC
First Time Home Buyer's Guide - KM Realty Group LLC
 
South Africa's 10 Most Influential CIOs to Watch.pdf
South Africa's 10 Most Influential CIOs to Watch.pdfSouth Africa's 10 Most Influential CIOs to Watch.pdf
South Africa's 10 Most Influential CIOs to Watch.pdf
 
High Profile Bangalore Just VIP Brigade Road 100% Genuine at your Door Step
High Profile Bangalore Just VIP Brigade Road 100% Genuine at your Door StepHigh Profile Bangalore Just VIP Brigade Road 100% Genuine at your Door Step
High Profile Bangalore Just VIP Brigade Road 100% Genuine at your Door Step
 
Powerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metricsPowerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metrics
 
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
 
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
 
wagamamaLab presentation @MIT 20240509 IRODORI
wagamamaLab presentation @MIT 20240509 IRODORIwagamamaLab presentation @MIT 20240509 IRODORI
wagamamaLab presentation @MIT 20240509 IRODORI
 
HAL Financial Performance Analysis and Future Prospects
HAL Financial Performance Analysis and Future ProspectsHAL Financial Performance Analysis and Future Prospects
HAL Financial Performance Analysis and Future Prospects
 
Should Law Firms Outsource their Bookkeeping
Should Law Firms Outsource their BookkeepingShould Law Firms Outsource their Bookkeeping
Should Law Firms Outsource their Bookkeeping
 

How to Make Your Enterprise Cyber Resilient

  • 1. How to make your enterprise cyber resilient
  • 2. Copyright © 2015 Accenture All rights reserved. 2Copyright © 2015 Accenture All rights reserved. 2 For more information, please visit: www.accenture.com/riskstudy2015 According to respondents from the 2015 Global Risk Research Study Cyber Risks are set to rise and are high priority on the CRO agenda 74% of insurance respondents expect cyber and IT risks to become more severe 65% of Banking respondents expect cyber risk to become more severe 58% of capital markets respondents expect an increase in the severity of cyber risks Cyber & IT Security Risk in Financial Services
  • 3. Copyright © 2015 Accenture All rights reserved. 3 What is Cyber Risk? Cyber Risk Reputational Risk • Loss of Trust (internal and external) • Brand Damage / Loss of Intangible Value • Time intensive / costly to repair • Need to embrace Digital Technology and Operational Risk • Failure of infrastructure, processes or systems • Inability to operate/Run the business • Requires regular planning and oversight • Importance of effective and current controls Fraud and Financial Crime • Lost revenue and profit – high cost • High velocity and high frequency/relentless • Need to stay close to regulatory agenda • Requires both business and technology solutions Sources of Cyber Risk • Hacktivism • Hacker / Lone Wolf • Nation State Attacks • Insider Data Leakage • Social Engineering Internal Origins of Cyber Risk • Digital Banking Services • Payments • Electronic Trading • Third Parties • Technology Infrastructure Cyber Risk can manifest itself across several dimensions, making it difficult to detect, measure, and control
  • 4. Copyright © 2015 Accenture All rights reserved. 4 Protecting Against the Cyber Threat is not a New Problem • Linear or horizontal approach is not working • Large Institutions lack the facts and processes • Challenge to understand what information needs to be protected and the most effective set of defense mechanisms • Companies that spend more on cyber resiliency do not necessarily manage cyber resilience risk in a more mature way Cyber resilience is a continual challenge due to the exponential rate at which people, processes and organization are connected digitally Historical Methods • It’s not possible to isolate the risk • Cyber risk does not respect your organizational structure • It’s not just a technology problem, but rather a technology, process and people problem • Firm that invest in and develop cyber capabilities to instill trust will have an competitive edge in the digital era New Paradigm
  • 5. Copyright © 2015 Accenture All rights reserved. 5 Resilience • Downtime/Loss of service • Theft/Fraud • Loss of data • Impact to reputation/brand The ability to operate the business processes in normal and adverse scenarios without adverse outcomes • Secure processes and systems • Strong controls • A strong risk culture • Digitized/Automated processes Resilient businesses have: Resilience Prevents:
  • 6. Copyright © 2015 Accenture All rights reserved. 6 A Comprehensive Approach helps Protect the Full Breadth of Entry Points and Operations which Underpin Financial Services Organizations Detect IdentifyRespond Prevent Detection and Identification – Tools and metrics to identify and log aspects to manage operations Operational Monitoring – Aligning the tools to identify and detect threats along with their escalation and oversight Event Response Plan – Structure to identify and manage action plans Business and IT Controls – Oversight of the controls and their testing programs and how to leverage COBIT®, ISA, ISO/IEC, NIST* controls Operating Model – Specifying the structure with people, organization, roles, tools and processes to govern. Crisis Management – Structure to manage incidents and notify impacted parties Risk Events - Scenarios which can impact the organization specific to Cyber threats Risk Identification – Aggregated set of typical risk associated with Cyber Risk How do we respond? What is the impact? How do we organize? How do we monitor?
  • 7. Copyright © 2015 Accenture All rights reserved. 7 Measurement with a Purpose Observations and Hypotheses • Customers • Employees • Partner/Third Parties • Business Process • Support Process • Other Process • Software • Configurations • Access Management 1. Without the right metrics, Cyber Risk could become diluted and mis- aligned to business value 2. Historical key performance indicators (KPIs) may not provide insights 3. Board-level reporting has no clear standards and could be out of sync with the real threats 4. Techniques to model the scenarios, risk events and residual risk across the firm are not focused on cyber threats Process Technology People
  • 8. Copyright © 2015 Accenture All rights reserved. 8 Measurement with a Purpose Common categories to consider for Cyber Risk Reporting 1. Board-Level Reporting 2. IT Risks 3. Operational 4. Advanced Analytics Infrastructure Third Parties SoftwareInternal Employee Training Data Loss Prevention Employee Monitoring External Vulnerabilities Surveillance Funding Risk/Reward Decisions IT Operations Fraud Target Residual Risk Access Management Physical SecurityHigh Crimes and Investigation New FocusRenewed focus
  • 9. Copyright © 2015 Accenture All rights reserved. 9 Embed the first line of defense within technology organization. Create a centralized office with technology control officers across business lines which just focus upon IT. Cyber Risk Operating Models An operating model helps define the organization’s accountability for doing the work, supporting the right decisions and measure effectiveness Centralize an entire department as 2nd line of defense with examinations across the lines of business. Build highly specialized team and track similar to compliance function. Policy setting organization and influencer similar to data and privacy. Develop risk frameworks around IT, Data integrity, and operations and run as 2nd line of defense. Create an enterprise-wide risk function dedicated to identify, measure and respond to threats. Option 1 – Dedicated Function Option 0 – IT Centric Option 2 – Cyber Czar Option 3 – Risk Led
  • 10. Copyright © 2015 Accenture All rights reserved. 10 Operating Model Analysis Each option should consider the tradeoffs with the firm’s ability to Prevent and Detect Threats Efficiency Ability to Prevent and Detect Threats Low High High Option 0 – IT Centric Option 1 – Dedicated Function Option 2 – Cyber Czar Option 3 – Risk Led
  • 11. Copyright © 2015 Accenture All rights reserved. 11 Operating Model Analysis Each option should consider the tradeoffs with the firm’s ability to Prevent and Detect Threats Ability to Prevent and Detect Threats Low High High ValuetoCustomer Option 0 – IT Centric Option 1 – Dedicated Function Option 2 – Cyber Czar Option 3 – Risk Led
  • 12. Copyright © 2015 Accenture All rights reserved. 12 Operating Model Analysis Each option should consider the tradeoffs with the firm’s ability to Prevent and Detect Threats Ability to Prevent and Detect Threats Low High High SpeedtoExecute Option 0 – IT Centric Option 1 – Dedicated Function Option 2 – Cyber Czar Option 3 – Risk Led
  • 13. Copyright © 2015 Accenture All rights reserved. 13 1. Training and Risk Culture – Taking your unique organization and infusing the right cyber risk behaviors 2. Controls – Where are the weak points – build robust set of controls across operations, business and IT 3. Measurement with a Purpose – What is going on without you knowing it – creating metrics which help expose the risks 4. Operating Model – How do you work with the rest of the organization - assigning clear lines of accountability and ownership 5. Resilience – At some point it will go wrong, how do you get the best outcome from the worst situation? The Top 5 Priorities to Get Right Cyber Risk does not fit neatly into a single organization node to then be managed and mitigated effectively
  • 14. Holistic Capabilities to help Deliver Resilient Solutions. More institutions are focusing on a better way to address the challenges of cyber risk, but few have mastered it. A risk-based approach helps to set priorities, establish a risk appetite (and a budget) and bring order and priority in place of reaction. Establish effective controls for people, process and technology to facilitate effective surveillance and improved incident response to deliver resilient solutions.
  • 15. Glossary. COBIT: Control Objectives for Information and Related Technology (COBIT® is a trademark of ISACA® registered in the United States and other countries). ISA: Information Society of Automation. ISO: International Organization for Standardization. IEC: International Electrotechnical Commission. NIST: National Institute of Standards and Technology.
  • 16. How to Make your Enterprise Cyber Resilient. Disclaimer: This presentation is intended for general informational purposes only and does not take into account the reader’s specific circumstances, and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this presentation and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals. About Accenture: Accenture is a global management consulting, technology services and outsourcing company, with more than 358,000 people serving clients in more than 120 countries. Combining unparalleled experience, comprehensive capabilities across all industries and business functions, and extensive research on the world’s most successful companies, Accenture collaborates with clients to help them become high-performance businesses and governments. The company generated net revenues of US$31.0 billion for the fiscal year ended Aug. 31, 2015. Its home page is www.accenture.com. Accenture, its logo, and High Performance Delivered are trademarks of Accenture.
  • 17. Learn more about cyber risk and resilience: www.accenture.com/CyberRisk

Editor's Notes

  1. Financial services organizations need to recognize the threats of cyber risk in a different way. Many have put in place thick walls to protect themselves. But the threats from a cyber event perspective are becoming more prolific. So although the walls are in place, the threats or activities to commit fraud or attack a firm are expanding. Organizations cannot protect themselves at all times from a cyber-related incident. So putting in place structures, technologies and processes to ensure resilience—or fast recovery—is as much or more important than simply putting more locks on the doors or building stronger walls.
  2. Historical Methods: The linear or horizontal approach is not working; this is a network or matrix problem of technology, process and people. Large institutions lack the facts and processes to make and implement effective decisions about cyber resilience. Large institutions do not systematically understand which information assets need to be protected, who their attackers are, what their appetite is, or which is the most effective set of defense mechanisms. Companies that spend more on cyber resiliency do not necessarily manage cyber resilience risk in a more mature way. New Paradigm: It is not possible to isolate the risk. The common notion of security implies isolation, and it is impossible to draw a clear ring around cyber resilience. The weakest links are often customers, employees and third parties. It is not just a technology problem, but rather a technology, process and people problem. Cyber risk does not respect your organizational structure, i.e. the operating model for identifying, measuring and managing the risk does not match how firms are being attacked. Firms that invest in and develop cyber capabilities to instill trust in customers, the public and their investors will have a competitive edge in the digital era.
  3. Improve: Communicate with senior management about the risk organization's impact on the overall Cyber Risk Profile. Demonstrate the value of current and future Cyber/IT management activities. Improve capital management and profitability by putting Cyber/IT related capital to better use. Enable all the stakeholders to understand the contribution risk management makes to the firm and to understand the value of controls. Identify the outcomes by which we can assess effectiveness of program and controls.
  4. Option 0 – Do nothing, embedded with IT. Option 1 – How compliance is organized, dec