Paolo Sironi, IBM: All Eyes on Financial Services Cyber-Resilience

No industry is fully immune from cybersecurity threats, from water pipelines to healthcare, financial services included. According to experts, regulators and government officials, all signs indicate that cybersecurity is here to stay and, most of all, is categorically different from the past.

On one side of the security barricade, today’s “always-on” digital operations are driving value but also creating new vulnerabilities expanding an organisation’s attack surface for cyber criminals to exploit. On the other side, threat actors are evolving their tactics, using artificial intelligence (AI) to run algorithms that automatically probe for weaknesses and unleash more efficient attacks. This year dramatic increase of geopolitical tensions has further heightened the alert status, as governments might weigh in to expand existing forms of cyber-attacks, which puts the critical infrastructure of the most digital economies squarely in the crosshairs of hackers.

Financial services institutions are some of the heaviest investors and users of security controls, largely driven by stringent regulatory and compliance requirements. As a result, this sector has elevated itself to one of the most secure verticals in the world. However, these organisations remain a top target for cybercriminals chasing high reward pay days given the sensitive nature of the data they manage and their integral role in our global economy.

According to IBM’s 2022 Cost of a Data Breach report, produced in collaboration with the Ponemon Institute, attackers are becoming more sophisticated in their methods which leads to increasing costs for data breaches. The average cost of a data breach in financial services was $5.97M, 37% higher than the $4.35M global average. Across all industries, 45% of breaches occurred in the cloud, but those in the public cloud cost more than breaches at firms with a hybrid cloud model. Cloud migration, compliance failures, and the complexity of security systems are clear cost amplifying factors of the cost of data breaches.

While most banks still do not always apply a baseline security framework across the cloud estate, nor zero trust, the IBM study reveals that the latter reduced the cost of data breaches by 20%. This is clear indication of an action to be taken. All things important when it comes to managing the risk of cyber-security, leveraging AI automation garners the biggest advantage among other cost mitigating factors, such as expanding the collaboration between development and operation teams with DevSecOps practices (that involves introducing security earlier in the software development life cycle) and organising Incident Response (IR) teams. According to IBM’s 2022 AI and Automation for Cybersecurity research, the longer the time to detect and remediate a data breach, the higher the cost. And the top 25% of AI adopters, among a surveyed population made of 1,000 executives, report successfully reducing the time to investigate incidents by nearly one third, and the time to respond and recover by nearly a quarter.

When it comes to financial services organisations with fully deployed security automation, the IBM Cost of a Data Breach report highlights that they can achieve significant savings, as they managed to lower the cost of a data breach by 41% compared to the global average.

Clearly, the fight is on for short-handed security teams, which are easily overwhelmed with too much data from disparate sources, an abundance of tools, yet often a scarcity of insights. These challenges can easily exceed the skills of even the most knowledgeable security experts and the capacity of the largest, most talented cybersecurity operations teams. Institutions are required to deploy solid strategies for talent and transformation, as cybersecurity employees need both hard and soft skills to succeed with AI.

The scope and breadth of the effort is bringing business attention, as a consistent security posture is a catalyst for business resilience and confidence to grow in a digital economy. In 2022, IBM also surveyed the opinion of 3,000 CEOs of global organisations – across 28 industries and more than 40 countries – about their greatest challenges in the next 2-3 years. Notably, 70% of the 270 CEOs leading banking and financial markets (BFM) institutions indicated cyber-security resolutions as the major challenge (see figure 1).

Resilience is key to success in the fight against hackers and rogue actors. Attacks can be reduced, and their impact mitigated, but institutions might not be able to eliminate all risks. Therefore, it is the capability to stay resilient and recover with speed – based on a modern hybrid cloud approach with advanced interoperability and portability of IT services, coupled with AI plus automation – that adds further value to deliver on the business expectation.

The research papers can be downloaded from these IBM pages:

• The 2022 Cost of Data Breach – https://www.ibm.com/security/data-breach
• The 2022 AI and Automation for Cybersecurity – https://ibm.co/ai-cybersecurity
• The 2022 CEO Study – https://ibm.co/c-suite-study-ceo

Paolo Sironi

Global Research Leader Banking and Financial Markets

IBM Consulting, the Institute for Business Value

Bestselling author “Banks and Fintech on Platform Economies”

About the Author

Paolo Sironi is the global research leader in banking and financial markets at IBM, the Institute for Business Value. He is a former start-up entrepreneur and quantitative risk manager in investment banking. Paolo is the author of literature about finance, banking, and digital innovation. Member of the IBM Industry Academy, his latest bestseller “Banks and Fintech on Platform Economies” explores how platform theory, born outside of financial services, will make its way inside banking and financial markets to radically transform the way firms do business. Visit Paolo’s website thePSironi.com for more information.

---