Every person perceives the world in a unique way. Yet when it comes to cybersecurity, global financial services (FS) executives seem to gravitate towards a similar, rather negative view. New research reveals that 43% of global FS business leaders see security more as a barrier than an enabler. This matters, because if negative perceptions persist, security investment is likely to remain piecemeal and reactive. That could expose FS firms to excessive business risk and even derail important transformation programmes.
To move beyond this, to a more constructive relationship between business and IT/security leaders, both sides will need to change.
Perception and reality
These are tough times to be a FS player. Rising interest rates have made borrowing eye-wateringly expensive, while inflation continues to hit consumers and businesses hard. After two years of pandemic-era uncertainty, we now have a period of economic softening underpinned by geopolitical volatility, of a sort many of us had hoped was a thing of the past. In this context, FS businesses should be looking for any opportunity to drive employee productivity, win new business and optimise operations.
Cybersecurity plays a critical role in all of these aspects, and more. In fact, most FS business leaders acknowledge this. Take new business. Over three-quarters (77%) of FS execs say prospects and suppliers have been asking about their security credentials with growing frequency. Most are worrying about their ability to keep up with these demands as a result. And 85% think their security posture could impact their ability to win new business. A quarter say it already has.
Yet at the same time just 62% even see a strong connection between security and client acquisition. Granted, this is over half of respondents. But why isn’t the figure even higher, given the number concerned about their future growth prospects?
In a similar way, most FS execs understand that the ability to work from home will be critical to recruiting the brightest and best talent. And half have seen how security policies can cause friction in this remote working experience. A quarter have experienced a breach which impacted employees, for example. So why is it that less than half of business leaders see the link between security and employee retention/talent attraction? If bad security can negatively impact the employee experience, surely better thought-out policies and enforcement can do the opposite?
Finally, take data analytics. The vast majority (94%) of FS business leaders agree data-driven insight could unlock cost savings – higher than the figure for any other sector. Two-thirds (65%) complain that current security policies are creating information silos which are a barrier to these efforts. Yet only 58% see a link between security and data insights – even though unified security platforms and better policy could break down data silos. Similarly low numbers link security to driving new revenue streams, profitability and innovation – all FS business priorities that data-driven insight can help to achieve.
Who needs to change?
Some of these perceptions are certainly grounded in reality. Poor policy and security point solutions do tend to create information silos. They can negatively impact the employee experience and fail to reassure potential new customers. But it’s perplexing that so many business leaders in financial services don’t get that security can also be a force for positive business growth – helping to win new customers, secure and unlock data insight, and improve employee satisfaction.
There’s a challenge here on both sides of the divide. CISOs need to change their language to that of business risk, in order to engage the board and improve awareness. But business leaders must also recognise the potential in cyber as a growth enabler, and lead from the front by taking greater accountability for initiatives. With a unified, platform-based approach to security and updated policies fit for the new hybrid workplace, cyber teams can break information silos, and uncover and mitigate risk across the enterprise. Currently only 67% of business leaders believe they have good visibility into their attack surface. Even this may be an over-estimate, given the speed with which these environments are growing due to digital investments.
The bottom line is that around half of FS business leaders view cybersecurity as a necessary cost but not a revenue contributor. A similar share believes its role is limited to threat prevention. In reality, cybersecurity is far more important than this. It provides the foundations on which successful digital transformation can be built, while minimising the impact and volume of financially and reputationally damaging incidents. Organisations that realise this usually lead their respective industries.
So it’s not enough that 60% of FS firms plan to increase security investment this year. Where and how that money is spent will ultimately define their success.