With attacks growing in frequency and sophistication, the financial services industry must find ways to efficiently approach incident and breach risks. The reality is, security incidents affect financial services firms 300 times more frequently than businesses in other industries.
Implementing a cyber program is no longer optional for firms. Regulations are mandatory. Examples of well-known cyber regulations come from the SEC, FINRA, NYDFS, NAIC, OCIE and more. This shifting regulatory landscape can result in lost time, inefficiencies and financial impact for financial services companies.
The Cost Of Cybercrime For Financial Services
According to Accenture and Ponemon Institute, “The average annualized cost of cybercrime for financial services companies globally has increased to $18.5 million. This is the highest of all industries included in the study and more than 40% higher than the average cost of $13 million per firm across all industries.”
Most Common Types Of Attacks
• Malicious insider attacks are the most expensive type of attack for financial services firms to resolve, at $243,000 per attack, and take the longest time to resolve, at 55.1 days on average.
• Ransomware takes an average of 33.8 days to resolve.
• Web-based attacks take 25.9 days on average to resolve.
How Do Firms Manage Cybersecurity?
Cybersecurity focuses on safeguarding sensitive public and non-public data on computers, devices, networks and programs from unauthorized or random access. Cybersecurity has become such an important element of IT that most large enterprises, insurance companies and broker-dealers now have internal cyber teams with CISOs, cyber experts and educators.
With growing complexity and multiple regulations to meet, firms of all sizes often outsource, leverage their parent company’s cyber team for enforcement or use a hybrid of both.
Five Cyber Program Elements To Stay Compliant
Generally, regulatory compliance is a framework of laws and guidelines that companies in specific industries must adhere to on an ongoing basis. Laws and regulations are issued by regulatory bodies that tightly govern specific industries.
Certain regulatory bodies approach regulation in different ways (different product taxonomies and client classifications, additional data context, links between related elements, requirements on audit and more). Depending on the regulation, firms may have to adjust cyber program wording to adhere.
It’s hard to know how all these regulations can affect a business if the right tools aren’t in place to standardize and automate compliance, put up flags or generate reports on risk exposure.
What Can You Do?
If you already have a cyber program, compare it with this list and adjust accordingly. If you do not, this is a proposed baseline to start from.
1. Documents And Cyber Folder
• Written information security policy (WISP)
• Incident response plan (IRP)
• Policies and procedures
• Cyber insurance
• Cyber event documentation
2. Private Data Protection
• Centralized user management
• Endpoint and network security
• Web application security
3. Third-Party Vendor Due Diligence
• Cybersecurity
• Vendor agreements
• Application features and settings
4. Risk Assessments
• Governance policies and procedures
• Vulnerability scans
• Evidence of technical controls
5. Education And Training
• Staff
• Advisors
• Clients
Regulators monitor status over time. Setting up a cyber program ensures minimum requirements are met and puts controls in place to properly manage and mitigate future incidents or breaches, should they occur.
“Five Cyber Program Elements Financial Services Firms Must Cover To Stay Compliant” | Written By: Brian Edelman, CommunityVoice / Forbes – Entrepreneurs
November 19, 2019 at 08:02AM
VIEW ARTICLE ON Forbes – Entrepreneurs >> https://www.forbes.com/sites/forbesbusinesscouncil/2019/11/19/five-cyber-program-elements-financial-services-firms-must-cover-to-stay-compliant/