Addressing cyber risks and building resilience in financial services and FinTech
This roundtable discussion was developed by Fintech-Tables with support from global cyber security specialists Occamsec and Barclays.
The session, hosted by Barclays at their brand-new, state-of-the-art campus in Glasgow, brought together leaders from across security in financial services and FinTech, who considered organisational, operational and technical challenges around cyber security in the sector.
The session started with 2 keynote discussions followed by a wider group discussion.
The keynote slots were as follows:
- Banking insights: Understanding the current state of cyber security in financial services and banking – what to expect for 2023 and beyond.
- Managing continuous threat exposure in financial services and FinTech
- Q&A / Facilitated group discussion
Key areas of discussion included:
- Organisation, People & Culture
- The current threat landscape
- Tackling the threat
- Raising the bar
Some of the main takeaways from the event include:
1) Getting security top of mind in financial services organisations is a cultural issue that must be addressed.
2) Supply chain compromise and software dependencies are a real risk and area of concern. This is raising issues of trust for large financial services organisations that are working with third parties.
3) The threat is constant. Hackers are always looking for ways to attack, and their approach is always evolving. A better understanding of how hackers fundamentally work is needed across financial services organisations in order to really tackle the issue from the top down.
4) To counter the threat, the security industry needs a shift in approach. The threat is continuous and therefore we should be focused more on continuous prevention and security assessment rather than response and cure.
5) Organisations prioritising their security investments based on continuous threat exposure management will be significantly less likely to suffer from a breach.
6) We don't hear about attacks enough due to reputational issues. We need more organisations to be open and honest about attacks to raise awareness and help other business leaders understand the risks alongside the business and personal impact.
7) Greater visibility and clarity from organisations on risks, how they are being reported on, and how they are being tackled at management level would allow cyber security and corporate health to be leveraged as a differentiator, therefore adding business value.
8) Supporting SMEs across the entire supply chain is essential to ensure a unified "raising of the bar". Benchmarking and practical steps to deliver support and solutions to SMEs in this space should be carried out. Activities such as supply chain testing and tabletop exercises around security were highlighted as potential solutions.
For those who were unable to make the event, don't worry, we have you covered: you can read the full report of the discussion here: