The Security Hot Seat: Cyber Risk



Cyber risk in the Hot Seat after being identified as top concern for financial services industry.

The DTCC (Depository Trust & Clearing Corporation) recently released their Q3 2014 Systemic Risk Barometer Survey, which was conducted with their clients in the financial services industry and a swathe of global financial services companies.

84% of respondents identified cyber risk as one of their top five concerns.


Source: DTCC Systemic Risk Barometer, Results Overview – 2014 Q3

Additionally, 37% of respondents said that the probability of a high impact event in the global financial system has increased during the past 6 months.

The financial services industry has long been the target of cyber-attacks and this should come as no surprise – but this sentiment seems to be stronger than ever before, given the daily barrage of attacks of all sizes from the JP Morgan breach affecting 76 million households to the smaller one at TotalBank affecting 72,000 customers. What is distressing is that you could replace “financial services” with “retail” or “healthcare” or “manufacturing” or just about any other major industry group – and the results would likely be very similar. Organizations in all these industries are being constantly hit by cyber-attacks targeted at stealing sensitive customer data or IP, as a result of which cyber risk is now a hot button for C-level teams and boards across the globe.

As Mark Clancy, DTCC Chief Information Security Officer stated – “No institution – large or small, public or private – is immune to a potential cyber-attack”. Given the devastating financial and reputational impact of cyber-attacks, there are a slew of measures CIOs and CISOs are taking to secure their organizations, ranging from deploying the latest security tools to protect various layers of the technology stack, to setting up incident-response teams to handle external comms if they should make front page news. But if you were to distill all these initiatives into one key objective, this is probably what it would be (and if not, then this is what it should be):

Know what you have that's worth stealing (hint: customer data, intellectual property, etc). Then go secure it, put it in a vault, or control access to it - or do all.

Do this for data in rest and in motion, on or off your network, on personal devices or in the cloud. And then, maybe, cyber risk will be less daunting that is today.

Niru Raghavan

Please post your comments here

Data-Centric Security: Why You Need it, How to Get Started

Forrester VP and Principal Analyst John Kindervag explains the fundamentals of a data-centric security approach, why you need it, and how to get started. Watch the webinar on demand.

Watch Now

Related Articles
The Security Hot Seat: Personal Device Encyption

This week' s Hot Seat features the latest issue in the debate on personal privacy vs. national security

The Security Hot Seat: HealthCare.gov

Welcome to our newest blog feature, The Security Hot Seat. Every Monday we will put a person or organization in the Hot Seat based on the security news of the past week. We picked quite a week to kick this off!

The Security Hot Seat: Home Depot

As the biggest payment card breach in history continues to unfold, the home improvement giant finds itself in the Security Hot Seat.