Cybersecurity: Emerging challenges and solutions for the boards of financial-services companies
Mature boards are making themselves valuable partners for management in the effort to make firms more resilient.
Cybersecurity has become a top concern for the boards of financial-services firms, and the level of concern seems to be growing day by day. With organizations seeking to create new digital customer experiences, applying sophisticated data analytics, and investing in a wealth of other technology innovations, cyberrisk management clearly requires governance at the highest levels. The advent of the COVID-19 crisis makes this challenge even more urgent.
Well before the pandemic hit, the Bank Policy Institute and McKinsey began to address these issues. To gain deeper insights and help guide boards in their decision making, we collaborated on a survey of top financial firms to assess current cybersecurity trends, challenges, and solutions. We found that boards are not only spending a significant amount of time on cybersecurity challenges and ways to address them but also assigning committees to deal specifically with these issues. However, though many boards are working to integrate cybersecurity resilience into their overall risk efforts, they have not yet learned to measure these risks consistently and to maximize value for money. Boards also need practical new approaches to set their risk tolerance for cybersecurity and to guide management’s resourcing and spending so that they can address the consistent and persistent risks inherent in this area.
As boards look at their next moves, they can take their cues from more advanced firms starting to adopt a cybersecurity and technology risk-management strategy informed by business operations. These firms are integrating their efforts to control cybersecurity and technology risks with operational risks and resilience. They are giving their boards new views of information to help them assess cyberrisks against the risk tolerance of the enterprise and ensuring that board members have the knowledge to oversee these activities.
This report summarizes our survey findings and describes some of the moves that mature firms are taking now…