Steering through the cyber risk storm in financial services

With the average cost of data breaches rising each year, WTW has emphasised why governance efforts are critical in cyber risk management.

According to IBM, the global average cost of a data breach has increased by 15 per cent over three years to US$4.45 million in 2023.

Meanwhile, the World Bank has estimated that across the globe, approximately US$5.2 trillion in global value was at risk from cyber attacks during 2019 to 2023. Some 10.5 million records are lost or stolen each month, equalling an approximate 438,000 every hour.

“These events can have very real impacts for complex organisations, with wide ranging risk sources and complex causes and consequences that require a holistic framework and risk approach,” WTW explained.

The potential wider impacts of a cyber attack can include significant recovery costs, reputational damages from the loss of customer confidence and legal ramifications through class action lawsuits raised by those impacted.

VIEW ALL

View all

“When organisations experience events, a need arises to think beyond single solutions and risk pathways to ensure resources can support wider resilience.”

Just yesterday, financial advice software provider Iress announced it is strengthening its security settings after suffering an unauthorised access of its systems over the weekend. The firm said an unauthorised access of Iress’ user space on GitHub was detected on 11 May. GitHub is a third-party code repository platform which manages software code before it goes live, but no client information is stored on the platform.

“Iress has now commenced a process of strengthening access and security protocols out of an abundance of caution,” the firm said.

Earlier this year, the Australian Institute of Company Directors’ bi-annual AICD Director Sentiment Index for the first half of 2024 of over 1,000 directors found over half of financial services directors are concerned about cyber crime and data security (57 per cent) compared to 43 per cent of directors overall. 

Tying into this, 55 per cent of financial services companies said the threat of a cyber attack is impacting the risk appetite of their board compared to 45 per cent of overall directors.  

The rapid explosion of new artificial intelligence (AI) programs, such as Google’s Bard and OpenAI’s ChatGPT, is also creating further cyber risks, according to WTW.  

“As the technology evolves at a rapid pace, governance efforts will be critical, especially as AI developers are grappling with the risks inherent in their training data. Every part of your organisation will also need to consider the knock-on effects – cyber risks being one of them.”

The firm also shared why utilising a collaborative approach to cyber risk management provides a more holistic view of the risks at hand.

“When you embed risk management through working with other business functions, you’re more likely to address their risks and uncertainties proactively rather than reactively.”

Last month, Insignia Financial’s chief risk officer Anvij Saxena shed light on why the “multidimensional” risks of operating a financial advice licensee requires a holistic and curious approach.

“We’re seeing risks that are more interconnected than ever before. Cyber security, for example, is more than a system security issue. It impacts data risks and controls, which carry privacy, and financial crime considerations. Ultimately, there is a risk to franchise value and reputational impacts. An IT-driven focus to cyber risk for example won’t be enough,” Saxena said.