Banks are getting a grip on cyber risk

ARTICLE | November 9, 2023

The technology threats that keep bank bosses up at night—and what they’re doing to beat them

Technology risk is unavoidable for banks. Financial institutions around the world are navigating a rapidly evolving cyber-threat landscape where they must battle ever more sophisticated cyberattacks and technology that seemingly changes overnight.

A breakdown of a bank’s IT infrastructure, systems, or applications can be disastrous, and the stakes are high: The average cost of a data breach in the financial services industry stands at $5.9 million, according to IBM's Cost of a Data Breach Report 2023. That leaves top executives, and especially chief information security officers (CISOs), more exposed than ever.

Banks are on high alert. Two-thirds of CISOs in the sector say cyber risks have increased significantly over the past few years, according to a recent ThoughtLab and ServiceNow survey of 750 global executives at retail, private, commercial, and full-service banks. Even more rank tech risk overall as the greatest threat to their businesses. Here are five stats from the report that stand out. 

While bank executives overall rank the pace of innovation and adoption of new technologies as the biggest reasons to beef up their tech risk management efforts, bank CISOs—the best suited to judge—say the escalation of cyberattacks is at the top of their list, according to the survey.


Seventy percent of CISOs indicated that attacks on IT infrastructure are their main concern. When they’re not worrying about ransomware and denial-of-service attacks, the prevalence of fraud and other financial crimes keeps many of them up at night.

Perhaps unsurprisingly, the threat of cyberattacks is an area where leaders in high-tech risk management and laggards diverge most dramatically. While the latter feel most exposed to attacks, leaders in cybersecurity have clearly spent time hardening their defenses and feel more confident for having done so.

When it comes to technology risk, bringing teams from across the business together to address and manage it is the biggest priority for CISOs at global banks.

Fifty-two percent of them say that ensuring IT, risk, and cybersecurity functions work together is the most important step they’re taking now. That could rise to 60% in two years.

Leaders recognize that building an effective organization and culture that bolsters resilience starts at the top. “We made technology and cybersecurity risk management and resilience a part of our board and senior management duties, which has aided us in the early detection and correction of issues,” a CRO at a private U.S. bank said.

More than a third of banks surveyed are already using historical insights to forecast cybersecurity risks. What’s more, that share is expected to jump to almost half by 2025 as more banks leverage real-time insights to counter cyberattacks.

Those efforts should allow banks to defend against evolving attack strategies, predict future attacker behavior, and guide responses to high-profile incidents like ransomware attacks and data breaches. “Predictive analytics will assist us in proactively managing risks and making educated resource allocation decisions,” said the head of operational resilience at an Australian commercial bank.

Over the next two years, executives plan to invest in advanced technologies, such as security information and event management systems, which make it easier to spot patterns in security data, and quantum cryptography, to take encryption to the next level.

While discussion of AI’s impact dominates boardrooms and legislatures, many banks are ahead of the curve: More than half upped spending on AI and other advanced technologies over the past two years.

Others are planning to follow suit. “In response to an increase in cyberattacks, we will strengthen our cybersecurity measures by adopting more cutting-edge security technologies, such as artificial intelligence and machine learning,” said a German retail bank CISO.

Still, it’s important to remember that human error is often the easiest point of entry for cybercriminals. Automating manual security processes based on email and spreadsheets is always a good idea. Similarly, AI-powered intelligence can be a crucial tool to quickly and accurately diagnose what needs to be done during a breach and who should do it.

Banking executives are bracing for unprecedented innovation in the next few years, which could fundamentally remake the financial industry. AI, blockchain, and decentralized finance, as well as the metaverse and other aspects of Web 3.0 or Web3, will only make dealing with cyber risks more difficult and complicated.

To survive, financial institutions need to take a more proactive approach to cybersecurity, with a clear plan to guide resilience and investment across the entire value chain.

The winners will have to balance the benefits of digital innovation with the greater exposure to cyber risk it brings. They will also need to empower everyone in the bank, from the CEO to account managers, to become risk officers.

Author

Yannic Rack

Yannic Rack is a journalist based in Scotland and mostly writes about climate change and sustainability. His work has appeared in Fast Company, Corporate Knights and other publications.
