Podcast 23 mins
Better Being Series: Understanding Burnout in the WorkplaceBanks are Turning to Their Talent to Boost Their Cyber Resilience
As cyber attacks become more sophisticated, banks can shore up their cyber-security resilience efforts by building a partnership between business leaders and cyber technologists.
Key Takeaways
-
A mix of remote work and increasingly skilled hackers have made banks more susceptible to cyber crime.
-
Banks and financial institutions can bolster their cyber-security resilience by assessing vulnerabilities and tapping into their workforce.
-
Weaving cyber know-how into the fabric of the company helps ensure the longevity of banks’ cyber-security investments.
Overview
Banks and other financial institutions — as well as their customers — have become prime targets for cyber attacks. Spencer Lynch, head of Aon’s Cyber Solutions practice in the UK, notes that threat actors and hackers used to steal personal data for the sake of reselling it. Now, the goal has changed: hackers are finding ways to monetize their attacks through ransomware and other forms of extortion. In a 2022 study, 74 percent of financial institutions reported a ransomware attack, and 63 percent of those institutions paid the ransom.
“Cyber security is an important topic for banks because they rely on their reputation to show that their customers can trust them to keep their assets safe,” says Peter Keuls, global head of Aon’s Talent Solutions practice. “There were 10 times more suspicious activity reports filed by the SEC regulated firms in 2022 compared to four years ago.”
Despite an increase in security training, research shows many employees remain vulnerable to cyber threats. For banks and financial institutions to maintain their cyber resilience, they should consider new strategies to strengthen their cyber defenses and equip their workforce with effective cyber skills.
In Depth
Many financial institutions have been contending with data theft for so long that it can be difficult to modify their staff’s approach to cyber attacks. For example, many institutions send ongoing breach notifications, which can desensitize customers to alerts and lead to potential long-term negative outcomes for customers as well as financial institutions. Changes in hacker technology — including artificial-intelligence-enhanced phishing and the ability to leverage the multitude of internet-based communications platforms companies use legitimately — add to the challenge of maintaining cyber awareness among employees.
Leaders in financial institutions should be aware of some factors that have changed cyber security and take steps to improve their cyber resilience. To establish long-term cyber resilience, financial institutions must ensure business leaders own cyber security in collaboration with their technology partners, take a proactive approach to equipping their workforce with cyber-related skills, properly assess their vulnerabilities and build cyber awareness throughout the entire organization.
With generative AI, hackers and threat actors can easily use the data that’s already out there to impersonate people and create convincing phishing messages and other forms of content, such as verbal communications or deepfake videos.”
How the Cyber Landscape has Changed for Banks
Cyber crime can happen in myriad ways, and recent trends have changed how attackers target financial institutions. Advanced technologies, such as generative artificial intelligence (AI), have made phishing emails much more sophisticated, making them harder to identify and prevent.
“With generative AI, hackers and threat actors can easily use the data that’s already out there to impersonate people and create convincing phishing messages and other forms of content, such as verbal communications or deepfake videos,” Lynch says.
The people component to cyber security is critical. Cyber incidents often relate to the people who are targeted rather than the IT application itself. In other words, people click on phishing links, type in their usernames and passwords, run a program or open an attachment that they shouldn’t have. Chris Blain, partner in Aon’s Talent Solutions practice in the UK, notes that skills gaps and talent shortages have affected IT-related roles, and remote-working environments have made it harder for companies to monitor and defend against cyber attacks.
“As we see more cyber attacks and breaches, banks are trying to retain talent that has cyber-resilience skills,” Blain explains. “They need to ensure that they’re paying at the right levels and attracting new people who already have those skills.”
“It seems like remote working, to some degree, is here to stay, which means that this challenge of managing this expanded attack footprint is something that the cyber professionals in the bank will have to learn to cope with,” adds Keuls.
Investing in cyber security can be expensive, but the cost of not investing is much greater. Losing information can cause significant delays for companies, and losing transactional information in customer accounts could be detrimental if the bank can’t reconfigure the balances of each account. Variations in regulatory environments can also add to the impact of a cyber incident. Depending on where they’re doing business, some banks can come under two or three regulators, which increases the threat of investigation and penalties if there’s a cyber incident. Regulators are also increasing pressure on banks to reduce the cyber-incident reporting window.
As we see more cyber attacks and breaches, banks are trying to retain talent that has cyber-resilience skills. They need to ensure that they’re paying at the right levels and attracting new people who already have those skills.”
What Banks can do to Improve Cyber-Security Resilience
Banks can take three steps to protect themselves and reinforce their cyber efforts.
First, they can assess their vulnerabilities. The goal of this exercise is to find where new vulnerabilities exist in infrastructure and determine how long it will (or could) take to fix them once they’re discovered.
“A lot of companies do penetration testing, which is often mandated for banks by a regulator,” explains Lynch. “This test involves a consultant pretending to be the hacker and breaking into the bank. There’s also vulnerability scanning and ongoing and continuous vulnerability management, where you check all the external infrastructure and see if there’s any new vulnerability that’s been found.”
Maturity assessments and other forms of benchmarking are another chance to test for weakness. Companies should assess their performance across several areas, such as multifactor authentication and endpoint detection and response. Banks can also work with consultants to assess what they’re doing across different types of controls and control domains and compare their approaches to industry benchmarks.
Second, banks can determine whether they’re underinvesting or overinvesting in cyber security. Benchmarking against other banks can help financial institutions determine if they are underinvested or overspending on cyber functions. Leaders should look at how cyber functions are organized and see what kinds of functions are being insourced and outsourced.
“The level of investment around cyber in a typical bank is enormous, running into tens if not hundreds of millions of dollars. So it’s very important that they get the balance right in terms of cost, especially at a time when banks are focused on their cost base,” says Blain.
Third, banks can manage cyber security from a talent perspective. They can assess skill sets across departments to see if people working in areas such as risk can take on cyber-related positions. “Adjusting talent in this way would be of great benefit to the banks of course, but it also opens up a great opportunity for people employed by the banks, allowing them to move into new roles and maybe even increase their levels of compensation by doing that,” says Blain.
Weaving Cyber Strategies Into Talent Strategies
Building a more resilient workforce also helps solve cyber issues within banks because talent equipped with cyber skills is more likely to stay within the organization. Lynch adds that a lot of organizations struggle to connect cyber to their business. “IT professionals are trying to manage cyber security and think through what the impact on the business could be, but they’re not the business — they’re not the ones dealing with customers every day,” he explains. “They can’t predict all the different possible impacts, so getting that cross-pollination of thought is tremendously important for banks.”
CEOs and other executives can create a workplace culture in which everyone feels that cyber security is part of their responsibilities. By leveraging the power of IT and talent across departments, financial institutions can respond to current and emerging cyber threats and become much more cyber resilient.
General Disclaimer
This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.
Aon's Better Being Podcast
Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.
Aon Insights Series Asia
Expert Views on Today's Risk Capital and Human Capital Issues
Aon Insights Series Pacific
Expert Views on Today's Risk Capital and Human Capital Issues
Aon Insights Series UK
Expert Views on Today's Risk Capital and Human Capital Issues
Construction and Infrastructure
The construction industry is under pressure from interconnected risks and notable macroeconomic developments. Learn how your organization can benefit from construction insurance and risk management.
Cyber Labs
Stay in the loop on today's most pressing cyber security matters.
Cyber Resilience
Our Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.
Employee Wellbeing
Our Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.
Environmental, Social and Governance Insights
Explore Aon's latest environmental social and governance (ESG) insights.
Q4 2023 Global Insurance Market Insights
Our Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.
Regional Results
How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.
Human Capital Analytics
Our Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.
Insights for HR
Explore our hand-picked insights for human resources professionals.
Workforce
Our Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.
Mergers and Acquisitions
Our Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.
Navigating Volatility
How do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?
Parametric Insurance
Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.
Pay Transparency and Equity
Our Pay Transparency and Equity collection gives you access to the latest insights from Aon's human capital team on topics ranging from pay equity to diversity, equity and inclusion. Contact us to learn how we can help your organization address these issues.
Property Risk Management
Forecasters are predicting an extremely active 2024 Atlantic hurricane season. Take measures to build resilience to mitigate risk for hurricane-prone properties.
Technology
Our Technology Collection provides access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities of technology. Reach out to the team to learn how we can help you use technology to make better decisions for the future.
Top 10 Global Risks
Trade, technology, weather and workforce stability are the central forces in today’s risk landscape.
Trade
Our Trade Collection gives you access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities for international business. Reach out to our team to understand how to make better decisions around macro trends and why they matter to businesses.
Weather
With a changing climate, organizations in all sectors will need to protect their people and physical assets, reduce their carbon footprint, and invest in new solutions to thrive. Our Weather Collection provides you with critical insights to be prepared.
Workforce Resilience
Our Workforce Resilience collection gives you access to the latest insights from Aon's Human Capital team. You can reach out to the team at any time for questions about how we can assess gaps and help build a more resilience workforce.
More Like This
-
Article 8 mins
U.S. Rail Sectors Work to Mitigate Capacity and Pricing Risk Issues
U.S. freight and commuter rail industries are facing excess liability and property issues for different reasons. These railroads are critical to infrastructure and vital to the economy, yet finding effective solutions remains complex.
-
Article 11 mins
D&O Risks and Considerations for Businesses Planning an IPO
As private companies prepare for an IPO, they face increased risks that require directors and key leaders to adopt essential risk management strategies to ensure a smooth transition.
-
Article 10 mins
How Public Entities and Businesses Can Use Parametric for Emergency Funding
As climate change intensifies the frequency and severity of extreme weather events, public entities and businesses need more flexible funding solutions. Parametric stands out as an adaptable resource capable of swiftly responding to potential disasters.