Shifting from compliance to value-added approach could bolster financial services security 

If financial services institutions (FSIs) needed any reminder about how fragile cyber security can be, the distributed denial-of-service (DDoS) attack that shut down numerous popular websites globally in late October should leave a lasting impression. An unidentified criminal element attacked the servers of an entity that hundreds of websites depend on to direct online users to their intended URL destinations. Those servers seized up—effectively denying access to websites counting on them for traffic—after being assaulted by millions of malware-infected internet-of-things devices.

That intricately planned attack is a powerful reminder of the important transformative work on security that lies ahead for FSIs in the wake of digitalization, which organizations increasingly are embracing to remain competitive. Among those that already have, digitalization has led to dramatic changes and even wholesale disruption of business models.

It has compelled organizations to change how they interact with customers, manage operations and respond to new competition. In addition, the public now expects businesses to integrate their products with new services, leveraging available data obtained through digitalization to better serve customers in a transparent way.

But as Accenture discusses in a new report—Security in the Financial Services Sector–Ready for the “New”?—a compliance mindset drives most security functions at many organizations. There is a critical problem with that: Just making sure that regulations are met does not result in effective security practices that are efficient or resilient. Indeed, Accenture does not believe the most popular security practices deliver on this front. And we do not believe current security practices support organizations’ strategic growth initiatives.

In the age of digitalization and evolving “New IT” landscape, a transformed approach to security—one that touches every level of an organization and assists it in meeting its strategic goals—is key. Security should evolve into a value-added function. It has to not only protect the business through the challenges it faces in adopting digital technology but also allow organizations to pursue new opportunities that demand assuming an acceptable level of risk.

Security management is not there now. But that clearly is where it should head.

In this blog series, we will discuss the four initiatives FSIs can implement to establish this new approach to managing organizational security.

Next time:  Technology-related trends offer opportunities, shine risk management spotlight on financial firms.

To learn more, read:

Submit a Comment

Your email address will not be published. Required fields are marked *