2017’s biggest IT risks for traditional FIs (and how to prevent them)

Traditional financial institutions (FIs) are facing a technology revolution, as smaller challenger banks and fintech firms leverage the latest innovations to offer consumers fast and agile services.

 

Many organisations must now cope with the tough task of modernising legacy systems, while boosting cyber security measures to prevent increasingly sophisticated attacks from compromising their networks.

 

While most businesses are aware that IT risk management is crucial for continued success, identifying and tackling the biggest threats in an ever-evolving landscape is a constant challenge.

 

Fortunately, Deloitte has conducted several reports over the last year in an effort to help IT risk managers prepare for 2017 and beyond. We’ve summarised the big four firm’s research, so here are the biggest threats, as well as some potential solutions.

1. Cyber security

FIs across Europe, the Middle East and Africa have ranked their vulnerability to external threats as the largest risk to their IT systems, with a staggering 90 per cent citing cyber security as a top-five problem. Unlike any other IT risk, cyber security was unanimously considered the biggest threat to all three lines of defence.

2. Loss of sensitive data or proprietary information

With cyber security as the number one risk, it’s unsurprising that data loss is also a significant worry for organisations. Recent Cisco research showed that one-third of companies lost 20 per cent or more in revenue following a cyber security breach last year, showing the substantial impact a single incident can have.

3. Inability to keep up with the pace of change

This was a new entry for the Deloitte report in 2013, indicating the threat posed by the rapid pace of technological advances. Automation, robotics, data analytics and a range of other new technologies are disrupting how business has traditionally been conducted, causing this issue to rise to third in the rankings.

4. Poor oversight of third parties

The proliferation of third-party relationships between FIs and other service providers shows no signs of abating, with organisations looking to strengthen their capabilities through mutually beneficial partnerships. While this IT risk has slumped significantly in recent years (from the number one concern in 2013 to fourth in 2017), it remains a key issue for 59 per cent of respondents.

Tackling IT challenges in a modern risk environment

There are a number of exacerbating factors affecting how businesses approach IT risk, including:

• Emerging technologies;
• Increased regulatory scrutiny; and
• A widespread focus on cost efficiency.

So what can FIs do to future-proof themselves against upcoming risks with their IT systems? Here are four key steps:

 

Maximise automation opportunities: Businesses should reduce the resources allocated to low-value risk administration activity and instead focus on spending more time removing layers from the control environment. This should be done through the implementation of consistent and scalable automated controls.

 

Assign an IT risk team: Responsibility for IT risk implications should be assigned to specific staff members who can organise an appropriate response. This will involve a reassessment of the new risk landscape and should concentrate on immediate threats, such as application programme interfaces, blockchain and third-party risk management.

 

Redefine accountability models: Organisations must evaluate how changes within the commercial environment – including new regulations, technology advances and business model adaptations – will affect what IT risk controls are needed. Do accountability models need to be updated? And how can these adjustments be embedded into operating frameworks?

 

Modernise the IT risk recruitment strategy: The talent pipeline needed to cope with today’s IT risks must be nurtured to ensure the right skills are developed over the next five to seven years. Businesses must ensure IT risk teams are well integrated with other risk professionals so that each function is as resilient and works as seamlessly as possible across key areas.

 

“As technology becomes more pervasive, so do the associated risks; failing to manage these risks creates front page news, as well as an unwelcome and often material financial, customer and reputational impact,” Deloitte stated in its 2016 Financial Services IT Risk Management Survey.

 

By recognising the threats and revolutionising IT risk approaches, including building a strong workforce of risk professionals, organisations can mitigate the effects of adverse incidents.

 

Our 2017 Market Report combines our review of the prevailing conditions in the risk management recruitment market together with the results of our latest employer survey.

 

Image: Jirsak via iStock