CYBER RISK MANAGEMENT

6 CHALLENGES AND SOLUTIONS

The Deloitte Center for Financial Services interviewed chief information security officers (CISOs) and cyber risk management experts across banking, insurance, and investment management to determine the biggest challenges financial services institutions (FSIs) face.

1. 

PRESENT vs. FUTURE REMEDIAL NEEDS

present-vs-future

CISOs must balance addressing current vulnerabilities with implementing security for new technologies.

arrow-bullet

Solutions: Plan for future innovations with cyber risk management in mind; stay agile by introducing change in short sprints.

Where are FSIs now?

Where might FSIs go from here?

2. 

WISE INVESTMENTS

wise-investments

Double-digit cyber risk management budget increases aren't sustainable, posing tough prioritization choices.

arrow-bullet

Solutions: Evaluate spending impact; take on the right solutions; gather enough resources to implement.

Where are FSIs now?

Where might FSIs go from here?

3. 

TALENT IN SHORT SUPPLY

talent

Recruiting, developing, and retaining top talent is the #1 problem for most CISOs interviewed.

arrow-bullet

Solutions: Look beyond FSIs when building teams—it may be easier to train newcomers for industry knowledge than for tech skills.

Where are FSIs now?

Where might FSIs go from here?

4. 

INNOVATION AND INTEGRATION

innovation

The proliferation of new solutions and integration challenges undermines effective cyber risk management.

arrow-bullet

Solutions: Better integrate security applications; purge software you don’t need; remember that vendor solutions don’t absolve them of responsibility for security.

Where are FSIs now?

Where might FSIs go from here?

5. 

STANDARDS AND REPORTING DEMANDS

standards

Lack of impactful measurements and standards hinders comparisons, increases time spent reporting, and impedes actual security efforts.

arrow-bullet

Solutions: Settle on industry benchmarks in cyber risk management “balance sheet;” take a holistic view of vulnerabilities; don’t overreact to new threats in the news.

Where are FSIs now?

Where might FSIs go from here?

6. 

CYBER RISK INTELLIGENCE SHARING

cyber-risk

Many cite legal ambiguity or regulatory hurdles while calling for threat assessment automation.

arrow-bullet

Solutions: Focus on action-based response intelligence; work toward improved analytics and automation.

Where are FSIs now?

Where might FSIs go from here?