Financial crime: Stop walking backwards into the future | KPMG | UK
Share with your friends

Financial crime: Stop walking backwards into the future

Financial crime: Stop walking backwards into the future

Cyber threats are changing fast. Attacks are now directed by criminals aiming to monetise weaknesses via theft, blackmail or extortion


Also on


The rapidly growing global threat from cyber and financial crime is well known. Not least, by senior executives who are increasingly being held responsible for cyber breaches by investors and the media.

What is less well known is that the nature of cyber threats is also changing fast. Most attacks are now directed by organised criminals aiming to monetise security weaknesses via information theft, blackmail or extortion. They no longer focus purely on weaknesses in customer systems, but also on company core systems and those of suppliers and other partners. Criminals show astonishing creativity in finding the weakest link.

The good news is that the rapid advance of technology is giving business new tools to combat cyber risk. Behavioural analytics has the potential to become one of the most powerful. Many companies are investing in specialised analytic tools that monitor network activity for anomalous behaviour by entities or individuals. The resulting clues help firms to identify external breaches, detect and block suspicious activity by employees and other insiders.

Oddly the analytic tools being developed for cyber security seem divorced from those used to detect and counter fraud, despite both ultimately being aimed at making the cyber criminals life harder. If businesses want to harness the full potential of behavioural analytics, they need to look for opportunities to bring these very different communities together.

Unfortunately, few companies have so far managed to develop truly integrated security models. Large groups find it especially hard to integrate the work of cyber security and anti-fraud teams. They often struggle to overcome organisational silos, technology stovepipes and entrenched practices. For example, large banks often talk about the potential but have yet to achieve this convergence, except perhaps in their digital banking teams who are forced to defend against aggressive cyber threats every hour of the day.

Scroll down to continue reading...

In our view, a number of factors are vital to the successful implementation of behavioural analytics. Some of the most important include:

  • Taking a step back. Indiscriminate use of behavioural analytics can swamp companies with data. Firms need to step back from the detail and prioritise their use cases. That not only requires careful thought about their vulnerabilities, but also about criminals’ likely priorities.
  • Instilling the right mind set. Business leaders need to instil a culture that values traditional fraud prevention techniques as well as new capabilities and understands the need to integrate both approaches. 
  • Overcoming silo thinking. Criminals aren’t interested in companies’ internal structures. Cyber security teams need to take a similar enterprise-wide view of their potential weaknesses.
  • Developing an organic approach. A ‘big bang’ is rarely the best way to implement behavioural analytics. Instead, firms should continuously adapt their approach as they develop their focus, monitor threats and attacks and hone internal reporting.
  • Showing strong leadership. Effective implementation of behavioural analytics needs strong leadership from the top. CROs, COOs and other leaders need to provide effective oversight and ensure that the issue is viewed from a business perspective, not just a technological one.

Technology is unleashing a wave of behavioural analytics data, with huge potential to reduce cyber threats. Businesses need strong leadership, a clear strategy and the right culture if they are to make the most of this valuable new tool.

Connect with us


Request for proposal