Financial institutions have been told to shift their focus from trying to avoid cyberthreats altogether to raising security and putting measures in place to deal with the aftermath of attacks. Attendees at the OpRisk Europe conference were told that cyber-attacks are inevitable and that companies must plan for when they occur in order to limit damage.
The OpRisk Europe conference was held in London on 10th June, with delegates hearing that they can no longer take a zero-risk approach to cyber-attacks because, in the modern era, such crimes are inevitable. Zurich Insurance’s global head of strategic implementation for operation risk, Carin Gantenbein, explained that companies should focus on the many questions involved in attempting to lower the risk of attack and also on what to do when an intrusion does occur.
“There is business continuity management, there is scenario planning, there are sometimes even scenario exercises and things like that. The industry is starting to go in that direction and this is within management awareness, but you simply can’t avoid any kind of cyber-attack, so you need to get used to having some cyber-attacks. And risk appetite can’t be zero for this topic because that would simply be too expensive,” Ms Gantenbein said.
There was also discussion regarding the financial sector, with experts suggesting that companies in this industry find it hard to think about cyber-risk on a broad scale. The cyber environment is an extremely complex place, Ms Gantenbein said, explaining that everything is interconnected, from the financial system to governments, industries and real life. This means that, much like the cascade that started the financial crisis, a cybercrisis could occur if steps are not taken to reduce the risk.
Also speaking at the event was Lloyds Bank Commercial Banking director of operational risk, David Murray. Mr Murray said that third-party suppliers have to be continually vetted for safety and security risk. Though a lot of work has been done both before and throughout the financial crisis, companies still have to work on their cyber-efforts, including looking at data availability, exploitation potential and whether data is being extracted.
With the conference now completed, it is important for companies to go away and think about their own risk. For those that have simply tried to avoid cybercrime, it is now essential to put measures in place for if, and indeed when, it occurs.
This article was written by Montash.