Even though cybersecurity has been recognized as a high priority among financial institutions, the results of a recent survey conducted at FICO’s Asia Pacific Chief Risk Officer (CRO) Forum revealed 64% of senior banking officials in the Asia Pacific region feel their institutions are not prepared for cyber threats.
Findings from the survey bear close correlation to trends identified in a 2014 PwC report that found cybercrime to be the second most prevalent economic crime within the financial sector. This provides a clear indication within the banking industry – that can easily be extrapolated to other business sectors – of the growing need for implementation of a cyber strategy framework to deal with computer network vulnerabilities, hacker threats, and attacks to customer data and critical information technology infrastructures.
Ideally, a comprehensive strategy should be scalability to the size of the organization, have defensive capabilities that mature over time, and incorporate three main elements – the means for assigning attack attribution, dynamic rules-of-action for impact mitigation, and established trust relationships for threat prevention and business recovery information sharing.
These concepts form the fundamentals of two in-depth methodologies I have developed entitled, “Cyber Strategy Maturity Modeling” and “Cyber Strategic ART (Attribution, Rules, and Trust).”