The increasing frequency and cost of cyber crime is “enough to rattle even the most steadfast” chief financial officers (CFOs) says Deloitte, which adds that ‘five realities’ must be accepted if the war against criminals is to be won.
“According to the Ponemon Institute’s 2014 Cost of Breach: Global Analysis study, the average total cost for a data breach is now US$3.5m globally; up 15% from last year. In addition, the survey found a company’s probability of a material breach involving 10,000 records or more stands at 22% over the next 24 months,” the group reports.
According to Deloitte, the five realities for CFOs are:
- Your information network will be compromised: Inevitably, you will be attacked. If you operate an information network, you will not get to a point of zero risk. You need to accept it.
- Physical security and cyber security are increasingly linked: Typically, the physical security domain and the cyber security domain have been viewed separately. That is no longer the case. While threats like espionage, intellectual property theft, fraud, counterfeiting and terrorism may involve cyber breaches, they potentially can begin by physical access. In a common example, certain administrators may have full control over a system such as payroll, customer data or billing. Armed with that access, those employees or contractors might pay themselves with false invoices, approve loans with special rates, or copy customer credit-card data and employee files that contain sensitive information such as social security numbers, with the purpose of selling the data, creating identity theft, embezzlement or other fraud.
- Cyber damages go beyond monetary: While the average cost of a data breach may be well documented, the long-term effects on corporate reputation and brand significantly add to the toll. Breaches of customer data can lead to a breakdown in trust that could inevitably hurt the top line; one reason for several payment networks to demand that retailers move to new payment cards that store information on computer chips rather than on traditional magnetic stripes. Many companies are now considering cyber insurance to limit excessive damages.
- Everything can’t be protected equally: Ask yourself: “What and where are the crown jewels in my organisation?”, meaning what data is crucial to running the organization and what databases, if compromised, could put it out of business? Not every piece of information, after all, is equally important. To a retailer, for example, customer credit-card data and employee ID numbers are crucial, as is logistics information related to supply chains. By making a hierarchy of data customised to your company and industry, CFOs can also make better decisions on how to prioritise protective controls and other aspects of cyber spend.
- Your walls are probably high enough: Companies continue to invest heavily in the protection side of cyber security with more firewalls and more intrusion-detection systems. Yet, most wall-building may be about as high as it needs to be. Given that hackers have likely already infiltrated, companies should focus more on the detection side to increase their vigilance against attacks and on recovery after the fact. While the formula is different for every company, of the typical IT cyber-risk spend, 30% might be allocated to wall-building, 50% to detection, and another 20% to resilience preparation.
Far and away, the largest financial market on the planet is the foreign exchange currencies market, where on average individuals and organisations trade more than $5 trillion daily. In the FX world, the ability to master the market isn't considered a luxury for treasury officers–it's a necessity.
Using data for predictive analytics is the future of banking success, argued Jean-Laurent Bonnafé, CEO of BNP Paribas, in his session on how the bank is reinventing its approach to innovate with and for corporates.
The EU and US’ shift in accounting standards may bring balance sheet losses and increase credit risk, according to James Elder, director of risk services at Standard & Poor’s (S&P) Global.
Sibos 2017 day two highlights: Brexit and banking, and why ‘data is the new oil’ in financial services
How nation first politics can impact global financial organisations It’s clear that data and regulation are the two key topics that are ... read more