Over the past few years, financial institutions have made significant strides forward, laying the groundwork for continued evolution in cyber risk. Insights shared by industry leaders in the recent ORX Cyber white paper shed light on the progress being made.
“There was much common ground in what we heard, but unanimity on one point: leaders believe they will make more progress on these priorities if the industry works together.”
Faster & safer: Priorities for cyber risk management
Positive developments
Second line cyber risk managers
There has been a significant expansion in the role due largely to the ever-growing development of technology, combined with the increasing complexity and interconnectivity of risks across organisations. Although still often perceived as a ‘dark art’, there is evidence that organisations now expect these roles to provide greater insight and support to the business.
Cyber risk reporting
Reporting has increasingly become a cause/enabler of multiple other risks. Reporting is therefore providing a more holistic or theme-based view, which gives the business a better understanding of what the likely threats/attacks are, and how these may affect the organisation and its customers.
Collaboration across the first and second line
Most have seen advancements, with the second line embracing a more collaborative 'business partner' mentality. Additionally, there has been increased investment in second line cyber risk teams. Clarity of accountability and responsibility between first and second line continues to be a challenge, along with capacity. There are cases of positive collaboration across the lines, using the skills that exist irrespective of where they sit in the operating model and therefore mutually benefiting each other.
Uplift in the use of technology
Participants in the paper discussed how they have used technology to innovate risk management practice, e.g. using APIs to gather data to support control management.
Improvement in data used to support data-driven decision making
Progress has been made in identifying internal data sources and using these to better inform cyber risk management practices. However, most participants are still working on identifying relevant core data, understanding gaps and data accuracy. We see this in the pursuit of a more objective approach to cyber risk measurement, with the aim of reducing reliance on third-party experts.
“There is a clear call to standardise and collaborate to make progress faster. Participants stated there is an advantage in coming together as an industry to help evolve cyber risk management, and there is a clear incentive and an imperative to dismantle barriers to benchmark experience and share and develop best practice.”
Faster & safer: Priorities for cyber risk management
Read the full white paper to find out more about cyber risk management.