Overcoming board-level cybersecurity obstacles in the financial services industry

Written by FinTech Futures
6th September 2017

Dottie Schindlinger, Diligent

Today’s financial services institutions are challenged to keep pace with changing and covert cybersecurity threats. Since financial institutions are among some of the most appealing targets for hackers, it is critical for these organisations to remain extra vigilant about securing confidential information.

As the stakes increase, and with phishing’s dark cousin “whaling” – a type of fraud that targets high-profile end users, such as C-level corporate executives, politicians and celebrities – now a major concern, senior executives and board members alike are being held increasingly accountable for corporate missteps. Yet many are facing their own unique and persistent cybersecurity threats, such as whaling attacks that add another layer of risk into the organisation.

With cybersecurity identified as one of the industry’s top risks, it is essential that financial institutions develop and implement effective systems, processes and protocols with the C-suite and the board in mind to prevent damaging incidents from occurring. Here are three areas in need of immediate attention within companies large and small in the financial services sector:

1. Renew focus on compliance

To ensure effective cybersecurity, financial institutions need to be mindful of all new and evolving federal, state (if operating in the US) and industry compliance standards. While many states have already adopted data breach notification laws, they are also now focusing on the importance of breach prevention.

Most recently, the State of New York’s Department of Financial Services (DFS) put a law into effect that directly addresses cybersecurity requirements for financial services companies. The law requires all financial institutions doing business in New York to comply with the new cybersecurity regulations at DFS, with directors required to certify that cybersecurity policies exist and are effective.

While the regulations currently impact only financial services firms, it includes all those conducting business in New York, and over the next two years, will extend to any third-party vendors doing business with these firms as well. This new regulation will likely be the first of many similar ones, impacting hundreds of companies.

2. Know and manage against cost of failure

The true cost of failed cybersecurity and data exposure for a company was once impossible to estimate. Now, thanks to a renegotiated Yahoo-Verizon deal, it has become evident, and is estimated at around $350 million. This astounding drop in price, coupled with new regulations that have been put in place, should serve as a wake-up call to the collective business world. It makes it especially clear that financial services institutions must now take the appropriate steps to ensure that the highly sensitive and valuable personal data they hold remains secure, no matter what. Every company must have a cybersecurity plan in place, and everyone, including board members, must take part in these efforts.

Beyond this regulation, directors and other senior executives are responsible for ensuring the value of their brand – and today that value is closely tied to data protection and cybersecurity. Without solid security education and training, everyone within an organization has the potential to put their company in jeopardy of a data breach and its potential fallout, which includes costly fines and often a reputation hit.

A recent study undertaken jointly by NYSE Governance Services and Diligent Corporation found that 62% of corporate directors are not required to take any cybersecurity training; only 9% were required to take the same level of cybersecurity training as the rest of the company’s employees.

Meanwhile, nine out of ten directors use unsecured, personal email accounts (including Yahoo! Mail, Gmail and other systems) at least occasionally to send messages related to board business, and half of directors had no knowledge of whether the company’s information security team monitors or audits the board’s adherence to the company’s communication policies. This presents a huge threat to corporate security and governance.

3. Enforce a top-to-bottom approach

It is especially important for financial institutions to limit potential exposure and to regain critical control over sensitive data, with regular reporting provided to the board. However, this will require directors to improve their general understanding of cyber risk and cybersecurity practices and policies.

The Ponemon Institute and Fidelis Cybersecurity recently released a report, which revealed a shocking lack of critical cybersecurity knowledge from top-level leaders. Specifically, only 41% of board members claim to have expertise in cybersecurity and another 26% said that they have minimal or no knowledge of cybersecurity.

Furthermore, directors’ behaviors might unknowingly be putting their companies at risk. Recognising that there is no limit to the potential damages posed to a company by a data breach, as made clear by recent headlines, those at the helm of these organisations’ risk management and governance departments must educate these company representatives and plan ahead accordingly.

Since many top-level leaders – including the board of directors – are routinely sending/sharing confidential and potentially damaging information via private email accounts without any understanding of the risks posed by that convenient practice, it is essential to educate them. To make certain that these company representatives are aware of the vulnerable and exposed nature of private emails, they must get trained or retrained at least once a year. They should also be provided with on-demand access to security protocols and procedures to help them avoid being at the source of this type of data loss. Successful training and data governance can help keep companies/financial services institutions, customers and employees safe from harm and out of the headlines.

The long and short of it

Needless to say, the collective business world will need to make cybersecurity and data protection a high priority in order to maintain business, reputation and customer faith.

By implementing secure, encrypted technologies alongside necessary policy and cultural organisational changes, companies will not only decrease the likelihood of a breach, but also strengthen how a company responds to an incident. This will lead to overall enhanced profitability and stability for the individual organisation as well as for the financial services industry overall.

By Dottie Schindlinger, VP and governance technology evangelist at Diligent

Fintech Jobs

Intesa Sanpaolo is the eurozone’s leading bank for shareholder value creation

20th November 2024

BankingTech

Overcoming board-level cybersecurity obstacles in the financial services industry

READ NEXT

Leave a comment Cancel reply

Fintech Jobs

Related Content

Top stories

The hottest news this week

Media Packs

FinTech Futures Media Pack

FinTech Futures Sibos Media Pack

Webinar | 27 November 2024 | EMEA fintechs: unlock innovation with generative AI with AWS and NVIDIA

Webinar | 28 November 2024 | AI in financial services: Navigating the evolving regulatory landscape

Research report: Revenue enablement in financial services – 2024 global findings & insights

White paper: How AI is propelling innovation in financial services

Global survey report: Privacy in practice 2024

White paper: Cyberattacks in the financial services industry

E-book: The promise and peril of the AI revolution – managing risk

Report: It’s prime time for real-time 2024 – real-time payments adoption and growth around the globe

Banking Technology Magazine November 2024 issue out now

Upcoming events

Banking Tech Awards 2024

PayTech Awards USA 2024

Banking Tech Insights

What the FinTech? | S.5 Episode 21 | Taking open banking payments mainstream

Demystify Podcast: Demystifying legacy modernisation with Irene Sandler, CMO of Mechanical Orchard

What the FinTech? | S.5 Episode 20 | The future of fraud prevention – live at Money20/20 USA

What the FinTech? | S.5 Episode 19 | Driving growth and customer satisfaction in digital banking

Video: Experian at Money20/20 USA 2024 – Combining GenAI and rich data to drive innovation

Video: WorkWave at Money20/20 USA 2024 – Driving growth for field services companies

Video: Codat at Money20/20 USA 2024 – Innovation in B2B payments

Video: Form3 at Money20/20 USA 2024 – The evolution of instant payments

Video: DailyPay at Money20/20 USA 2024 – The growing demand for earned wage access

Sibos 2024 Content Hub – news and coverage from Beijing

Content Hub: Banking Tech Awards 2023 winners

FinTech Founders Video Series: how to build and run a start-up

V INVESTOR ALERT: Robbins Geller Rudman & Dowd LLP Announces that Visa Inc. Investors with Substantial Losses Have Opportunity to Lead the Visa Class Action Lawsuit

Coverdash Partners With LendingTree to Launch Its First-Ever Insurance Offering for Startups and SMBs

iCapital® Expands Model Portfolio Suite to Provide Exposure to Fast-Growing Private Companies

CSI Customer Consumers National Bank Celebrates 377% Growth Over 16-Year Partnership, Breaks Ground on 22nd Branch

Telness Tech partners with Lebara to Launch New Mobile Operator in Nigeria

Intuit Launches AI-Powered Intuit Assist for QuickBooks, Giving Millions of Businesses a Competitive Edge

Intesa Sanpaolo is the eurozone’s leading bank for shareholder value creation

Sensedia’s Open Finance Platform Recognized as API Specialist by Altitude Consulting