Article

Financial organizations are adapting to complex cybersecurity environment

Cybersecurity industry snapshot

May 30, 2024
#
Financial services Cybersecurity consulting

The financial services industry is among the most attractive to cybercriminals: Consider the potential financial gain of mining enormous amounts of personally identifiable customer information and an endless volume of monetary transactions. From banks to insurance companies, businesses in this space have access to a plethora of documents with highly sensitive customer information, says Angela Kramer, an RSM financial services senior analyst.

“Financial institutions are heavily reliant on digital platforms, and consumers who need to originate a loan for a car or house typically do it through a software program or online,” says Kramer. “That amplifies the complexity of cybersecurity threats, and risk leaders need to help mitigate that complexity.”

Over the last year, regulators have introduced new cybersecurity rules requiring institutions to elevate their standards to bolster protection against such threats. Such regulations include the U.S. Federal Trade Commission’s amendment to its Standards for Safeguarding Customer Information, which requires all nonbanking financial institutions to report a data breach incident within 30 days after discovery if it involves the information of at least 500 consumers. That Safeguards Rule update will take effect in May 2024.

The days of patching up legacy systems are gone; companies are looking to invest in new systems that will protect against cybersecurity threats from a proactive risk mitigation perspective.
Marlene Dailey, RSM Financial Services Senior Analyst

The U.S. Securities and Exchange Commission also adopted rules in July 2023 that require all public companies to “disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.”

As cybersecurity threats constantly evolve, banks and other financial services companies continue to adapt, fortifying their own defenses while addressing risks involved in working with vendors and other third parties.

“Most insurance companies are looking at mitigation strategies focused on technology as well as policy improvements,” says Marlene Dailey, an RSM financial services senior analyst focused on the insurance space. “The days of patching up legacy systems are gone; companies are looking to invest in new systems that will protect against cybersecurity threats from a proactive risk mitigation perspective.”

Getting ahead of cyberthreats requires conducting more regular cybersecurity risk assessments, honing a robust regulatory compliance strategy, and updating processes and procedures as needed, she says.

Related insights

Cybersecurity 2024 special report

Our annual insights into cybersecurity trends, strategies and concerns shaping the marketplace for midsize businesses in an increasingly complex risk environment.