October 26, 2021
Cyber Risk

Cybersecurity and the BFSI: Thinking outside of the assessment check-box

In highly regulated sectors such as banking, financial services and insurance (BFSI), cybersecurity and the potential impact of a breach are taken exceptionally seriously – and there is little wonder as to why. The average cost of a data breach in the financial sector has reached $5.72m and, with cyberattacks increasingly hitting the headlines, consumer concern surrounding data leaks and privacy is reaching new heights. With so much at stake and BFSI organizations 300 times more at risk of cyberattack than organizations in other industries, the sector is subject to rigorous regulations and constant cyber risk assessment.

Times are changing, though. Despite the sector being renowned for its compliance-first approach, research indicates that BFSI is starting to shift focus from audits to more proactive cybersecurity strategies, such as the implementation of new tools and increased investment in staff training. However heavily regulated the BFSI sector may be, and even with the wave of investment in cybersecurity by banks around the world, there is currently no industry standard to enable financial institutions to determine how secure they truly are. The CEO of a financial institution can be held accountable for a breach, and when 34% of organizations in the sector identify cybersecurity as the one issue that would affect them the most in 2021, there is no time like the present to instil simple, clear risk indicators and objective risk management.

Why Measure Cyber Risk?

Objective cyber risk assessment provides the foundation blocks for an organization’s security strategy, enabling C-suite executives and the Board to answer the following questions with confidence:

  1. Can cyber risk appetite be adjusted, given the threats they face?
  2. What is the most efficient manner to allocate resources to address current threats?
  3. What should the organization spend their cybersecurity budget on?
  4. What is the cost/benefit trade-off of any investment proposals?
  5. Where is the largest potential for risk reduction vs. spend?

Without an understanding of the risks an organization faces in real-time, or their likelihood of a breach, it is impossible to build the necessary defenses to adequately secure their environment.

Understanding your Breach Likelihood

Safe Security is rapidly changing the Cyber Risk Quantification (CRQ) space for the BFSI sector, providing organizations with a breach likelihood score and the financial risk they face – not as a one-off or point-in-time assessment, but in real time. This data is combined with actionable insights based on technical cybersecurity signals, external threat intelligence and the business context of what and where the "weakest links" lie across people, process, technology and third parties. Together, they enable an organization to accurately measure and mitigate its cyber risk in real time.

This proactive approach to cybersecurity within the BFSI sector gives each organization actionable and objective visibility of their cyber risk posture across their:

People: Using a zero-permission mobile app to protect their devices and run multi-language cybersecurity awareness campaigns

Processes/Policies: Mapping policies to compliance frameworks

Technology: Scanning controls across every asset

Third-Party Vendors: Generating a 360-degree assessment of all third-party vendors to eliminate blind spots which can arise from point-in-time assessments

Cybersecurity Products: Reviewing every product and how it is implemented

In practice, a breach likelihood score supports a risk-aware culture, enabling and prioritizing decisions that mitigate an organization’s exposure, moving them from a reactive/defensive risk management strategy to a proactive strategy that better protects their critical assets.

The Impact of a Breach Likelihood Score

As technology within the BFSI sector becomes more complex to deliver a seamless customer experience, simplifying cybersecurity by starting with a breach likelihood score will enable and support future innovation. According to the 2021 EY Global Corporate Divestment Study, 60% of banks intend to divest within the next 12 months, using the funds raised to adopt new technologies to help them react faster to customer demands. Without a more proactive cybersecurity stance to remediate vulnerabilities and misconfigured tools, banks will continue to fall foul of increasingly sophisticated attacks.

Be it the possibility of a breach through ransomware, cloud misconfigurations, or business email compromise, a breach likelihood score gives a clear picture of an organization’s cyber risks within the BFSI sector and a means to prioritize its vulnerabilities. This is a marked change from the current reactive box-checking exercises undertaken to meet compliance and audit requirements. However, with the solid foundations delivered by a breach likelihood score, cybersecurity in the BFSI sector will become a solution as opposed to the problem it is perceived to be today.

To learn more about how a breach likelihood score can improve an organization’s security posture in the BFSI sector, download our latest report.