How can the highly-targeted financial services industry remain operational and resilience in a year of escalating state-sponsored threats and cyberattacks?

As cyber threats become more frequent and severe, the financial services industry is currently undergoing profound technological transformation.

Embracing cloud computing, AI and blockchain offers strong potential for innovation, development of new financial products and services, and increased market interconnectedness. However, these benefits also come with potential risks.

This means firms not only need to understand the risks, but they also need to be proactive in forming strategies to safeguard against them. Four areas are critical to achieving these objectives and advancing operational resilience and cybersecurity capabilities.

Jason Harrell, Managing Director, Operational and Technology Risk/Head of External Engagement, DTCC

    1. Third-party and supply chain risk management

    As a result of increasing reliance on third parties to deliver critical operations, financial institutions and authorities continue to identify and document effective practices to mitigate the risks faced. At the end of 2023, the Financial Stability Board published its toolkit, Enhancing Third-Party Risk Management and Oversight that could drive enhancements to third-party risk programs that deliver increased operational resilience for firms.

    2. Cyber incident reporting

    Knowledge is power, and the ability to quickly share incident information with the right audience — with the proper amount of detail — can collectively help protect the global financial markets. Unfortunately, the evolution of cyber incident reporting has led to disparate reporting frameworks across jurisdictions, making it more difficult to achieve this ultimate goal. It is anticipated that several policy initiatives will be proposed in this space in the coming months and years, including the FSB Format for Incident Reporting Exchange. Timely and transparent reporting mechanisms can foster collective intelligence that can be used to pre-emptively enhance protections against evolving cyber threats.

    3. Awareness and training

    It is important that financial services firms recognize that cybersecurity and resilience are not efforts that can be taken on by one individual or one team. To be effective, risk management and resilience must be embedded into the operational culture of firms. In support of this, organizations must continue to prioritize employee education and training programs that instill a risk and resilience mindset across all levels of a firm. Empowering employees with the knowledge to consider potential threats and possible mitigations can be an invaluable tool that strengthens the resilience of the industry.

    4. Industry-wide collaboration

    Broad collaborative efforts on resilience and cybersecurity must also occur at an industry level. Financial authorities play a pivotal role in shaping the industry’s continued evolution in this space. Collaboration between financial authorities and financial institutions is indispensable in fostering an environment conducive to enhanced data sharing and robust regulatory frameworks.

Through enhanced resilience and cybersecurity efforts we expect the financial sector will take another leap forward toward further strengthening the markets.

Historically, the focus on prevention has and will continue to evolve into an all-encompassing philosophy of operational resilience across entire organizations. By adhering to the four focus points listed above, the industry will be best positioned to deliver a resilient and secure future.