Faster & safer: Priorities for cyber risk management
ORX Cyber White Paper
Service: ORX Cyber
Community: ORX Cyber Community
Risk programme: Leadership, Strategy & Advancing Op Risk
Report - April 2024
Cybersecurity threats pose a significant risk to the financial services industry and have become a risk management priority for institutions.
Cybercrime and technology continue to be the most concerning risks for financial organisations around the globe (see the latest ORX Operational Risk Horizon for more information).
There has been an unprecedented increase in emerging threats, particularly in the last two years, exacerbated by both the constant evolution of technology, especially generative AI, and by the innovation of cyber criminals. To preserve both assets and consumer confidence, the industry needs not just to prioritise this risk, but actively drive for improvements in how cyber risk is managed.
This white paper from ORX Cyber explores financial organisations' top priorities for managing cyber risk.
To create this white paper, the ORX Cyber team spoke with 30+ senior cyber risk leaders from both first and second lines of defence, across 16 organisations. We took the opportunity to discuss the challenges they face and their priorities for the next 12 to 18 months.
Download the free white paper from ORX Cyber for an overview of key industry priorities for strengthening cyber risk management. The paper also looks at the factors impacting cyber risk and the progress financial organisations have made managing them to date.
“It is now inevitable that organisations will experience a cyber event. The time is right to review the state of play in cyber risk management... This paper looks at the industry landscape today through a cyber risk lens, and then considers the priorities identified by senior leaders that will collectively drive a strengthening of cyber risk management practices across the industry.”
Faster & safer: Priorities for cyber risk management
Introduction
It is now inevitable that organisations will experience a cyber event
The time is right to review the state of play in cyber risk management. We operate in a volatile and unpredictable world, and the financial services industry is continuing to dramatically transform in terms of replatforming, digitalising customer journeys, introducing new technologies, and more. This paper looks at the industry landscape today through a cyber risk lens. It then considers the priorities identified by senior leaders that will collectively drive a strengthening of cyber risk management practices across the industry.
To create this white paper, we held a series of discussions and interviews with more than 30 senior cyber risk leaders in first or second line of defence roles. We asked them a series of questions, exploring their priorities for the next 12 to 18 months.
Those conversations helped us identify eight key industry priorities designed to strengthen cyber risk management and measurement. There is no doubt that organisations have been investing in cyber risk management, but these priorities suggest that more investment will likely be required. Cyber risk management must become more proactive and more optimised, and there was a feeling among our participants that the industry needs to change its mindset in relation to cyber risk. Alongside these eight key priorities, there is a clear call to standardise and collaborate to make progress faster.
Priorities for the future of cyber risk management
Following interviews with senior leaders in cyber risk management and subsequent analysis, ORX has identified eight key priorities for the industry that collectively should help further mature and evolve the practice. This should in turn help accelerate the transition to more active cyber risk management.
1. Move to data-driven cyber risk management
There was consensus that data and metrics need to improve to achieve data-centric risk management, using both internal and external data to drive the correct decisions and actions.
2. Scale use of technology to support business transformation
New technology must be deployed to enhance risk-management activities and maintain the pace of change.
3. Identify gaps and blind spots to gain visibility of the end-to-end risk exposure
Providing a group- or enterprise-level end-to-end view of risk exposure, in a language that the business understands, is a priority, and includes identifying gaps and blind spots to gain full visibility.
4. Manage third party reliance and complexity more effectively
Third and “nth” party risk in the context of cyber is an increasing priority. Given the need for partners, and the complexity of supply chains, organisations need to better understand, map, and mitigate the vulnerabilities that come with this.
Download the free white paper from ORX Cyber to read all eight industry priorities for strengthening cyber risk management. You'll also gain insights into the factors impacting cyber risk and how financial organisations have responded to this key risk to date.
This resource was produced as part of the ORX Cyber service
About ORX Cyber
ORX Cyber is an innovative operational risk management service created especially to support cyber and information security risk professionals in the second line of defence. This service offers a robust combination of cyber event data exchange, collaboration, and research, empowering second line practitioners with the insights and information they need to efficiently manage and measure this critical risk.
Unlock the full potential of ORX Cyber:
- Data and insights on cyber and information security risk that you can’t get anywhere else
- Collaborate and compare your practice with the industry and address shared challenges
- Access to a trusted source of cyber and information security risk event data and industry-leading research
Disclaimer: ORX has prepared this resource with care and attention. ORX does not accept responsibility for any errors or omissions. ORX does not warrant the accuracy of the advice, statement or recommendations in this resource. ORX shall not be liable for any loss, expense, damage or claim arising from this resource. The content of this resource does not itself constitute a contractual agreement, and ORX accepts no obligation associated with this resource except as expressly agreed in writing. ©ORX 2024
Contacts:
Steve Bishop
Research and Information Director, ORX
Helen L’Abbate
Deputy Director - Research & Information, ORX
Melanie Lavallin
Senior Adviser, Research and Information, ORX