Security strategies bolster under increased board involvement


11/07/18

Key findings from The Global State of Information Security® Survey 2018

The year ahead for global financial services organizations will present significant cybersecurity challenges. For many, top initiatives will include addressing insider and third-party risks, deploying new technologies like artificial intelligence (AI) and complying with complex regulatory obligations.

Addressing these issues will help financial organizations enhance their ability to detect compromises, which appears to have declined this year. Businesses identified an average of 3,356 incidents, a 32% decrease over 2017, according to 965 financial services executives responding to The Global State of Information Security® Survey 2018. This represents the lowest number of reported incidents in six years.

How to strengthen your cybersecurity and privacy program

To better detect and respond to cybersecurity attacks and insider compromise and prepare for new regulatory obligations, financial services firms should renew their commitment to funding, developing and improving a proactive cybersecurity program. Start with the following first steps: 

  1. Invest in cybersecurity and privacy: Make a business case for strong cybersecurity that includes both the potential risks and the market-differentiating advantages that a strong cybersecurity and privacy program can offer.
  2. Create an insider risk program: Create an awareness program that educates employees on current threats and how to use good security hygiene to avoid them. In particular, pay attention to social-engineering schemes like phishing and talk about what a ransomware attempt looks like—and how these threats can impact valuable data assets.
  3. Invest in new technologies, and back them up with technical expertise: Plan for how your business will integrate these systems and effectively use the deluge of data they will generate.
  4. Navigate through GDPR and beyond: An understanding of systemic applications and the EU Data Protection Directive of 1996 would be helpful as you begin to navigate GDPR, as would a readiness program that may help convince EU regulators that your organization is serious about compliance.

Contact us

Joseph Nocera

Principal, Cybersecurity and Privacy, PwC US
