A roundtable discussion on the state of cyber security management in the banking sector.
KPMG recently brought together a number of our regional Global Cyber Security practice leaders for a roundtable discussion of the rapidly shifting landscape among top banks in some of the most active jurisdictions.
This dialogue revealed much commonality in the strategies and issues of banks across the continents. Most notably, banking is among the most mature industries from a cyber security perspective, due to its historically conservative approach to risk, its consistent, sizable investments in security and privacy safeguards, and its tradition of collaboration within the industry and with the authorities. Banks therefore continue to invest significantly to address a cyber threat from trans-national organized crime that is rapidly evolving, entrepreneurial and determined.
At the same time, banks in the US, Europe and Asia share a common challenge in reacting to mounting global, regional and local regulations that can create cumbersome compliance obligations. A prominent example of the new rules is the EU’s General Data Protection Regulation (GDPR), which, according to many industry observers, will see very low compliance rates by the 25 May 2018 deadline, whether in the financial services sector or in any other industry.
While these topics suggest a serious escalation of the cyber risks posed to banks, the discussion also spotlighted a promising shift in approaches to cyber risk management. A number of best-in-class banks now recognize that cyber security is not purely a ‘technology problem’ but a business challenge that requires business ownership and strategy development, with clear, aligned support from the technology teams. This evolving mindset, explained below, suggests a path forward for banks as the cyber security and regulatory arenas grow more complex.