Report - April 2024

Cybersecurity threats pose a significant risk to the financial services industry and have become a risk management priority for institutions. 


Cybercrime and technology continue to be the most concerning risks for financial organisations around the globe (see the latest ORX Operational Risk Horizon for more information).

There has been an unprecedented increase in emerging threats, particularly in the last two years, exacerbated by both the constant evolution of technology, especially generative AI, and by the innovation of cyber criminals. To preserve both assets and consumer confidence, the industry needs not just to prioritise this risk, but actively drive for improvements in how cyber risk is managed.

This white paper from ORX Cyber explores financial organisations' top priorities for managing cyber risk.


To create this white paper, the ORX Cyber team spoke with 30+ senior cyber risk leaders from both first and second lines of defence, across 16 organisations. We took the opportunity to discuss the challenges they face and their priorities for the next 12 to 18 months.

Download the free white paper from ORX Cyber for an overview of key industry priorities for strengthening cyber risk management. The paper also looks at the factors impacting cyber risk and the progress financial organisations have made managing them to date.

“It is now inevitable that organisations will experience a cyber event. The time is right to review the state of play in cyber risk management...This paper looks at the industry landscape today through a cyber risk lens, and then considers the priorities identified by senior leaders that will collectively drive a strengthening of cyber risk management practices across the industry.”

Faster & safer: Priorities for cyber risk management
Introduction

It is now inevitable that organisations will experience a cyber event

The time is right to review the state of play in cyber risk management. We operate in a volatile and unpredictable world, and the financial services industry is continuing to dramatically transform in terms of replatforming, digitalising customer journeys, introducing new technologies, and more. This paper looks at the industry landscape today through a cyber risk lens. It then considers the priorities identified by senior leaders that will collectively drive a strengthening of cyber risk management practices across the industry.

To create this white paper, we held a series of discussions and interviews with more than 30 senior cyber risk leaders in first or second line of defence roles. We asked them a series of questions, exploring their priorities for the next 12 to 18 months.

Those conversations helped us identify eight key industry priorities designed to strengthen cyber risk management and measurement. There is no doubt that organisations have been investing in cyber risk management, but these priorities suggest that more investment will likely be required. Cyber risk management must become more proactive and more optimised, and there was a feeling among our participants that the industry needs to change its mindset in relation to cyber risk. Alongside these eight key priorities, there is a clear call to standardise and collaborate to make progress faster.

Priorities for the future of cyber risk management

Following interviews with senior leaders in cyber risk management and subsequent analysis, ORX has identified eight key priorities for the industry that collectively should help further mature and evolve the practice. This should in turn help accelerate the transition to more active cyber risk management.

“There is no doubt that organisations have been investing in cyber risk management, but these priorities suggest that more investment will likely be required. Cyber risk management must become more proactive and more optimised, and there was a feeling among our participants that the industry needs to change its mindset in relation to cyber risk.”

Faster & safer: Priorities for cyber risk management

1. Move to data-driven cyber risk management

There was consensus that data and metrics need to improve to achieve data-centric risk management, using both internal and external data to drive the correct decisions and actions.

2. Scale use of technology to support business transformation

New technology must be deployed to enhance risk-management activities and maintain the pace of change. 

3. Identify gaps and blind spots to gain visibility of the end-to-end risk exposure

Providing a group- or enterprise-level end-to-end view of risk exposure, in a language that the business understands, is a priority, and includes identifying gaps and blind spots to gain full visibility.

4. Manage third party reliance and complexity more effectively

Third and “nth” party risk in the context of cyber is an increasing priority. Given the need for partners, and the complexity of supply chains, organisations need to better understand, map, and mitigate the vulnerabilities that come with this.

Download the free white paper from ORX Cyber to read all eight industry priorities for strengthening cyber risk management. You'll also gain insights into the factors impacting cyber risk and how financial organisations have responded to this key risk to date.

This resource was produced as part of the ORX Cyber service

About ORX Cyber

ORX Cyber is an innovative operational risk management service created especially to support cyber and information security risk professionals in the second line of defence. This service offers a robust combination of cyber event data exchange, collaboration, and research, empowering second line practitioners with the insights and information they need to efficiently manage and measure this critical risk.

Unlock the full potential of ORX Cyber:

  • Data and insights on cyber and information security risk that you can’t get anywhere else
  • Collaborate and compare your practice with the industry and address shared challenges
  • Access to a trusted source of cyber and information security risk event data and industry-leading research


Disclaimer: ORX has prepared this resource with care and attention. ORX does not accept responsibility for any errors or omissions. ORX does not warrant the accuracy of the advice, statement or recommendations in this resource. ORX shall not be liable for any loss, expense, damage or claim arising from this resource. The content of this resource does not itself constitute a contractual agreement, and ORX accepts no obligation associated with this resource except as expressly agreed in writing. ©ORX 2024


Contacts:

Steve Bishop

Research and Information Director, ORX

Helen L’Abbate

Deputy Director - Research & Information, ORX

Melanie Lavallin

Senior Adviser, Research and Information, ORX
