Cyber Crime: What Asset Managers Need to Know About Cyber Resiliency

Girard Healy,
MD, Accenture

If you think the cost of doing business is rising, here’s another element to consider. Only this one does not come about by market forces, but rather by menaces in the netherworld. The genesis is the online environment – that powerful capability at our fingertips we depend on for so many facets of our business and everyday lives. Though, it’s a sphere laden with some landmines. Evildoers are busy setting traps, intent on stealing valuable data and disrupting the flow of things – and they often succeed at these cyber crimes.

Accenture’s recent study on cyber crime with Ponemon Institute provides updates on this phenomenon. Backed by eight years of research and 2,000+ interviews at 254 companies in seven countries, this report discusses the dollar impact on businesses. In total, cyber crime costs an organization an average of $11.7 million annually, which, in 2017, was 23 percent more than 2016.

Some of the hardest hit industries are devoting even higher amounts to fighting cyber crime. Financial services falls into this category. According to the cyber crime study, an asset management firm could spend more than $17 million per year on charges relating to managing and recovering from incidents.

The overriding question explored in the research: Are businesses allocating their funds wisely to fight cyber crime? The answer, in short: Many organizations may be spending too much on the wrong technologies.

Methodology

The study analyzed nine security technologies on two levels. It looked at their relative spending level as well as their value in terms of cost-savings to the organizations. Based on the findings, the researchers offered insights on the security investments that make a difference in the war on cyber crime.

Highlights

• Breakthrough innovations, such as security intelligence systems and extensive use of cyber analytics and user behavior analytics, could offer the highest ROI to stay ahead of hackers, yet the use of them is low

• Compliance technology can build strong cybersecurity capabilities, but is not enough on its own

• Businesses should prioritize spending to better balance investments in security technologies that provide value rather than continue with the status quo

For asset managers, my colleagues at Accenture in the risk and cybersecurity groups advocate a well-rounded approach. Just like the essence of cyber crimes themselves, a firm's initiative should be multifaceted. It’s time to think resiliency – as in cyber resiliency.

Defining Cyber Resiliency

Cyber resiliency is the ability to operate business processes in normal and difficult scenarios without adverse outcomes. Cyber resiliency strengthens a firm’s ability to identify, thwart, detect and respond to process or technology failures. It can also bolster capacity to quickly return to business as usual when an attack occurs, while reducing financial loss, customer harm and reputational damage.

Cyber resilient businesses share common characteristics:

• More secure processes and systems

• Strong controls and control environment

• Digitized and automated processes

• Aggressive, proactive, enterprise-wide culture that prioritizes security

How can firms become more cyber resilient?

It starts with incorporating not only perimeter security, but also business risk/reward decision making, cyber risk management and control techniques in all processes. Another must do is securing buy-in from the top down of the organization, and both inside and outside of its walls. Only then, could firms mitigate the likelihood of an event effectively and efficiently. For more on cyber resiliency, read our InsideOps: Cybersecurity for Asset Managers: Shielding Your Firm from Risks.

Both our paper and the study referenced above provide a roadmap of some of the best ways forward in the fierce battle against cyber crime today. The attackers are getting smarter, so we need to do so as well.