Cyber risk is arguably today’s predominant business issue, commanding attention from commercial organisations, the media, regulators and worldwide governments alike. Every time it seems we have passed the point of ‘peak hype’, further geopolitical revelations or as-yet unprecedented breaches hit the headlines, lending it further momentum and putting cyber simulations right back on top of the agenda.
The complete and irrevocable reliance on technology of business of all sizes, in particularly financial services, will keep cyber security top of mind for the next decade or more. Current and former chairpersons of the SEC, Bank of England and European Banking Authority are all on record indicating the view that cyber security is the biggest risk facing the financial system.
Digital technology has transformed both business and indeed society beyond recognition in just a decade or two. But like its creators, technology is imperfect and its flaws are exploited by diverse actors for different reasons. These include ideologically motivated factions wishing to further a political aim; financially motivated criminal organisations simply wanting to steal money, state-sponsored groups bent on corporate or diplomatic espionage; and terrorist organisations seeking to inflict damage on enemies.
This is the stark reality in which financial services businesses operate today – where sophisticated, well-resourced cyber criminals operate alongside ‘smash and grab’ opportunists, targeting everything from high-value transactional systems like SWIFT, through to mainstream online channels and customer data. They profit by exploiting gaps in organisations’ defences and readiness.
It’s not a matter of ‘if’ or even ‘when’ your business experiences a cyber-attack – you can’t stop cyber attacks targeting you, nor can you simply build walls high enough to keep out determined and sophisticated attackers. It’s prohibitively expensive and will stop the business from operating. So the question becomes “Will you even know you’re being attacked before it’s too late?”
In this environment, being prepared is not only common sense, it’s crucial to minimise the potential brand damage that results from poor handing of a breach. There are few interactions with customers, regulators and shareholders that are more critical than the communications you issue during a cyber attack. Decisions need to be made at pace and are typically based on incomplete information, and the consequences of getting it wrong persist in the headlines long afterwards.
So the best time to prepare your response plan is not during the midst of an unfolding cyber crisis – it’s well in advance of an issue. That’s why we support our clients in getting to grips with how a cyber attack might unfold through cyber simulation exercises to help them prepare.
If you require support for this topic, please download our report below and don’t hesitate to get in touch.