There’s no shortage of money or technological tools being devoted to support cyber risk management at most financial services institutions, yet insurers are still struggling to stay ahead of the proliferating ranks of hackers looking to steal money or information, disrupt operations, or destroy critical infrastructure.

Indeed, basic blocking and tackling strategies to lock down devices, systems, and platforms remain a work in progress because of the increasing pace of attacks, the growing sophistication of threat actors, as well as multiplying, often conflicting demands facing chief information security officers (CISOs).


Cyber risk management challenges


Part of the problem is that CISOs and the business executives they work with are being challenged to become more agile and provide a frictionless customer experience at a time of technological transformation spurred by fintech, mobile applications, cloud adoption, and other emerging developments. The demands of the CISO’s job have expanded exponentially as cyber risk management plays a much higher-profile role in both security and business development.

To learn more about these challenges and how companies are coping with them, the Deloitte Center for Financial Services interviewed senior cybersecurity, technology, and risk management specialists from across the industry, including a number of prominent insurers. They shared cyber war stories from the front lines, citing a wide variety of obstacles and frustrations. But they also pointed toward the progress they’ve made and the plans they have in place to transform their thinking, approaches, and organizational culture going forward.

There were a number of key areas of consensus among those who took part in the research, and several broad themes emerged in our analysis:

Money is no object for those we interviewed, with cybersecurity budgets rising dramatically over the last few years. However, most agreed that the pace of such increases is not likely to be sustainable over the long run, meaning some hard choices will soon have to be made in terms of investment and spending priorities.

The majority feel stuck between a rock and a hard place as they juggle multiple priorities. They are being challenged to address vulnerabilities within a plethora of legacy systems. They are expected to innovate even as they struggle to keep basic systems up and running. All the while, they are trying to align cybersecurity policies and efforts with the business, operational, and technology strategies of their companies.

CISOs are striving to innovate in a multitude of ways, but often have a hard time assessing and integrating a flood of new security tools at their disposal, while reinventing their organizations to make cybersecurity a core consideration enterprise-wide.

FSIs are starving for cybersecurity talent, with staffing challenges the biggest problem faced by many of those we interviewed. They often complained about the lack of “triple threats” — those with the technical skills, business know-how, and strategic thinking capabilities to implement cyber risk management initiatives quickly and effectively.

Cyber risk metrics remain a veritable Tower of Babel as reporting responsibilities overwhelm CISOs, thanks to a lack of widely accepted, impactful measurements and industry-wide standards to meet increasingly redundant oversight demands.

CISOs need help connecting the dots. Many cited legal ambiguity or regulatory hurdles as obstacles to information sharing within and beyond the industry and their home countries, while most yearn for ways to better automate intelligence to make it more relevant, actionable, and available in real time.

Overall, we found that while some companies have become leaders in cyber risk management, there is a wide variance on the cybersecurity maturity curve. The bar needs to be raised for many individual firms and the industry as a whole when it comes to security, vigilance, and resilience programs.

How might CISOs and key stakeholders across an insurance organization better fortify their systems against intruders, improve detection capabilities, and recover more quickly if an event occurs? To learn more about the threats and opportunities raised by each of the six takeaways listed above, download our full report, “Taking cyber risk management to the next level: Lessons learned from the front lines at financial institutions.”

Sam J. Friedman ([email protected]) is insurance research leader with Deloitte’s Center for Financial Services in New York. Follow Sam on Twitter at @SamOnInsurance, as well as on LinkedIn. These opinions are his own.


© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.