Detect, respond, recover
Cyber security has never been more challenging – and the Central Bank of Ireland has now stated that the boards of Fund Management companies will be responsible for ensuring robust systems are in place.
A cyber attack can cause rippling brand, reputation, and financial damage within hours. While massive data breaches are commonplace, a growing number of attackers are after more than data and financial gain; they can be out to cause widespread chaos, destroy or disrupt operations, or undermine the competitive standing or market position of their target.
The Central Bank of Ireland has stressed that the IT department should not bare sole responsibility and that Fund Services boards should have proper oversight of cyber security readiness. Fund Services are not alone, a number of organsiations find this an exceptionally challenging time to be developing a cybersecurity program.
While the attackers adjust and develop their tactics at an alarming pace, security leaders also face growing pressure from directors and executives, a constantly shifting regulatory environment, and an erosion of direct control over the complex and fast-changing technology environment.
While the challenges may seem infinite, budgets and talent are not. Directors can play a proactive role in helping Fund Services to not only meet minimum regulatory requirements, but also build an enhanced security oversight function and understand their risk appetite. This will require regular updating as cyber security risks will evolve on a continuous basis.
What can Deloitte do to protect your business?
Deloitte offers a wide range of services including Cyber Security Maturity assessments, Penetration testing and Vulnerability management, and Security Awareness training which can aid Fund Service orgainisations in securing not only their IT assets but their people.
The need to detect, respond and recover has never been greater
•Cyber incidents are serious business crises that impact broader business objectives for organizations across industries.
•The ability to promptly respond to and recover from cyber incidents is a top issue for senior executives and board members.
•The need for speed to react to cyber incidents is critical to organizations.
•Cyber incidents impacting consumer confidentiality and economic stability are drawing increased regulatory scrutiny.
•The complexity of corporate eco-systems, including suppliers and partners, increases the difficulty of recovery following cyber incidents.
•Accurate and timely information and intelligence is critical in making time-sensitive decisions to recover essential business functions.
•Having an Incident Response plan is not enough – the plan must be understood and exercised across the entire organization, including business leaders.
Cyber security is more than a technology problem.
For many organizations, cyber incident occurrences aren’t a question of "if,” but "when.”
This reality makes developing effective response strategies a critical imperative for any business.