How do you know you are not the weakest link?

SECURING FINANCIAL SERVICES

5th July, 2023 • London, UK

With so much stress in the financial system, where is the material cyber-risk in banking?

 

Keeping on top of material risks

Just before the latest round of bank instability, a Bank of England systemic risk survey polled 65 executives in the UK financial sector. It shows that 74% of respondents deemed a cyberattack to be the highest risk to the financial sector in both the short and long term, followed closely by inflation or a geo-political incident.


However, while attacks are potentially very damaging if they do happen, banks remain confident they can repel them. According to the survey, cyberattacks are less likely to materialise (37%) than geopolitical pressures (54%) and the risk of soaring inflation (63%). 

 

The number of respondents who believe their company is at high risk of attack grew rapidly this year, from 31% in the first half of the year to 62% in the second. The share of those considering the threat to be low has decreased by 20%, to just 3%. What’s more, 83% believe that cyber risk in the financial sector has increased in the past year.

These are interesting findings because they reveal that while financial institutions do not under-estimate the potential for harm posed by cyberattacks, they do not believe that the actual, realised damage will be as significant as that incurred from other, bigger picture, business-related threats. To an extent, this assessment is borne out by recent events. Banks are failing not because of cyberattacks but because of rate rises, poor credit and investment decisions and deeper cultural failings.


So, what type of cyber incident does pose the most significant threat to financial institutions and the banking system?


Central banks worry less about attacks on single institutions and more about attacks on the data that institutions in general rely on; they worry about attacks that could cause bank runs across multiple banks; they worry about single points of failure in the third-party Cloud ecosystem.


Ultimately though, the system is only as good as its weakest link. A compromised firm will be connected through an almost infinite web to the rest of the system and so represent a threat to the whole.


So how should banks be strengthening their cyber defences to make sure that a firm-wide event doesn’t become a system-wide event?

Securing Financial Services will look at cybersecurity at a time of underlying stress in the banking system. Join our real-life case studies and in-depth technical sessions from the security and privacy teams at some of the world’s most admired brands.

  • Reining in BigTech

    • Resilience and security increasingly come down to key dependencies outside the organization.
    • With on-prem tech the past and Cloud and external IT the future, how do public and private sector organisations ensure security when they rely on vendors who are vulnerable but beyond the leverage of even their biggest clients?
    • Time for governments to step in?
  • Securing the technologies of the future

    • Quantum computers, web3, multiple types of distributed ledger technology, augmented and virtual reality, the Metaverse, AI-driven applications and even organisations, automation as a service
    • These technologies are happening now and they all have security implications
    • Who is thinking about how to secure future tech?
  • Managing insider threats at a time of crisis

    • When economies are under stress, employees too can find themselves in financial difficulty. When geopolitical tensions rise, people can take sides.
    • Insider threats of various kinds become far more prevalent and dangerous at times like these.
    • How have security and other MIS tools matured to make detecting malicious insiders easier and more accurate?
  • Mapping resources and controls to material business risks

    • How can CISOs understand which threats represent real business risks?
    • It’s easy to say ‘talk to the business’ – but how does that conversation work?
    • If it does then CISOs can create a framework for prioritizing security, resilience, incident response and BCP spend. 
    • So, what does this look like in practice?
  • From cybercrime to cyberwar

    • Blurred lines between cyber-spies, cybercriminals and cyber-armies have transformed the (in)security landscape
    • Nation-state exploits are now widely available
    • How can the various elements of government work better with private sector solution providers and end users to build security that can cope with not-quite-nation-state attackers?
  • Securing digital currencies and DLT

    • The move towards non-cash payment methods during the crisis has been extreme, and looks irreversible.
    • Many more governments are now looking at developing their own digital currencies.
    • How do we go about securing a world in which most - perhaps all - payments are digital?
    • And what about the blockchain?
  • Embracing risk management

    • Until cybersecurity is truly seen as risk management and not a whack-a-mole IT problem, the hackers will continue to evade outmoded control frameworks
    • Part of this is down to CISOs, part of it to Boards and part of it to solution providers
    • The banks have done it. When will the rest of business catch up?
  • Solutions for CISO burnout

    • The number of security professionals on LinkedIn who’ve left without another job to go to is astonishing given the shortage of cyber-talent.
    • Are CISOs being fired for breaches?
    • Are they quitting companies who’ve lied about their commitment to security?
    • How can firms solve this problem?
  • The rise and rise of effective cybersecurity regulation

    • Data privacy is only a small part of the picture.
    • Regulators are looking at operational resilience in key sectors like finance – securing the wholesale payments market is a priority and others will follow.
    • They are looking at disclosure and fining the miscreants. How to comply with new regimes?
  • Developing the next generation of security leaders

    • If cybersecurity is to change to meet the evolution of our digital world, then so must those who implement it.
    • CISOs cannot cling to an IT paradigm and companies must move away from hiring on false pretences (on budget and commitment) and firing at the first breach.
    • What does a next-gen CISO look like and are you one of them?
  • Cloud native next

    • Applications have become increasingly complex, with users demanding more and more.
    • They expect rapid responsiveness, innovative features, and zero downtime.
    • Performance problems are no longer acceptable - they'll easily move to your competitor.
    • Should you go Cloud Native? What does this mean for security in practice?
  • From Cloud security to Cloud incident response

    • Recent Cloud outages have disrupted low-level infrastructure
    • They have also disabled cybersecurity solutions and sometimes shut down corporate access to critical network assets
    • As well as managing Cloud security, CISOs need good Cloud incident response. How are they going about it?

Who Attends

| Job titles | Organisations | Company headcount |
| --- | --- | --- |
| Head of Global IT Security | Rothschild & Co | 1000-1999 |
| Managing Director Fraud Risk | Citigroup | 10,000+ |
| CISO | Sumitomo Mitsui Banking Corporation | 5000-9999 |
| Security Governance, Risk and Compliance Manager | Aldermore Bank PLC | 500-999 |
| Data Loss Prevention - EMEA Operations Lead | BNY Mellon | 10,000+ |
| Group Head of ICT Risk (Tech. & Cyber) Controls | BNP Paribas | 10,000+ |
| Strategic Cyber Threat Intelligence Lead | Refinitiv | 10,000+ |
| Head of Financial Crime, Info Sec & BCP | Together Money | 500-999 |
| Head of Security Architecture | Travelex Holdings | 5000-9999 |
| Head of Compliance & Financial Crime | Gravity Bank | 500-999 |
| Third Party Risk Consultant | Vanquis Bank | 1000-1999 |
| IT Systems Continuity and Integration Manager | AmTrust International | 2000-2999 |
| Head of Integration, Planning & Development, Compliance Assurance | HSBC | 10,000+ |
| Information Security Manager | e-finance | 2000-2999 |
| Business Information Security Officer & Third Party Officer | Citigroup | 10,000+ |
| Head of Information Security | Unum | 10,000+ |
| CISO | Koine | 1-99 |
| Cyber Security Manager | AerCap | 100-499 |
| Head of IT Governance, Risk and Compliance | Brewin Dolphin | 2000-2999 |
| Senior Information Security Consultant | Phoenix Group | 5000-9999 |
| Group Head of IT Infrastructure and Cybersecurity Audit | HSBC | 10,000+ |
| Chief Information Security Officer | LV= Liverpool Victoria | 5000-9999 |
| Compliance Manager & MLRO - UK | EMQ Inc. | 100-499 |
| Head of Information Security & Audit | Paragon Customer Communications | 1000-1999 |
| Senior Information Reporting Officer | PRIMIS Mortgage Network | 500-999 |
| Manager - IT | Activ Trades | 100-499 |
| Senior Server Engineer | SCS Europe | 1-99 |
| Cloud Security Architect | Aviva | 10,000+ |
| IT Risk Manager | Newcastle Building Society | 1000-1999 |
| Cyber Security Manager | Lloyds Banking Group | 10,000+ |
| Senior Technology Risk Manager | Credit Suisse | 10,000+ |
| Group Head of Risk Domains (Cyber & Tech) and Control Plans | BNP Paribas | 10,000+ |
| Head of Operational & Technology Risk / CISO | BlueBay Asset Management plc | 100-499 |
| Global Head of IT, Internal Audit | Travelex Holdings | 5000-9999 |
| Head of Threat | Quilter plc | 3000-4999 |
| Head of Security and IT Policy | Aldermore Bank PLC | 500-999 |
| Lead Information and Cyber Security Specialist (Assurance) | Metro Bank | 3000-4999 |
| Information Security Programme Manager | Schroders | 3000-4999 |
| Global Infrastructure Security Engineering Manager | London Stock Exchange | 3000-4999 |
| VP, Cyber Investigations and Insider Threat Manager | Barclays | 10,000+ |
| Senior Information Security Consultant | Fidelity International | 5000-9999 |
| Information Security and Resilience, Operational Risk Oversight Manager | TSB Bank | 5000-9999 |
| Head of Risk | XPS Pensions Group | 1000-1999 |
| Global Head - Security Operations | QBE Insurance | 10,000+ |
| Head of Payment Security | Barclaycard | 10,000+ |
| Senior Vice President, Head of Information Security | Redington Limited | 100-499 |
| Cyber Security Manager | Tesco Bank | 3000-4999 |
| Information Security Manager | Yorkshire Building Society | 3000-4999 |
| VP Investigation | Barclays | 10,000+ |
| PCI Coordinator | Anderson Zaks | 1-99 |
| Threat Intelligence Manager | Royal Bank of Scotland | 10,000+ |
| Senior Special Agent - Global Security | American Express | 10,000+ |
| Vice President - Strategy, Cyber & Intelligence | MasterCard | 10,000+ |
| Head of Investigations and Monitoring | Bank of England | 2000-2999 |
| Technology Compliance and Operational Risk Director | Bank of America Merrill Lynch | 10,000+ |
| Principal Cyber Risk Engineer & Technology Industry Practitioner | Chubb | 10,000+ |
| Head of Information Security Advisory & Operations | Quilter plc | 3000-4999 |
| Group Security Operations Manager | Quilter plc | 3000-4999 |
| Head of Technology | DNA Payments Ltd | 1-99 |
| Global CISO | First Sentier Investors | 100-499 |
| Information Security Officer | GAM Investments | 500-999 |
| Global CISO | Uphold Inc. | 100-499 |
| Security Operations (SOC) Manager | Brewin Dolphin | 2000-2999 |
| IT Risk Manager | Brewin Dolphin | 2000-2999 |
| CISO | Volkswagen Financial Services AG | 10,000+ |
| Divisional CISO UK, CGC IT, CFO Tech & Platforms IT | Credit Suisse | 10,000+ |
| Vice President; Information Security Officer | Bank of America | 10,000+ |
| Security Business Partner | NatWest Group | 10,000+ |
| Assistant Director of Risk | NS&I (National Savings and Investments) | 100-499 |
| Group IT Manager | International Currency Exchange Plc (ICE Plc) | 3000-4999 |
| Leader of Network Security EMEA | FIS Global | 10,000+ |
| Security Architect | Bank of Ireland | 10,000+ |
| Senior IT & Cybersecurity Risk Manager | Scotiabank | 10,000+ |
| EMEA Operational Security Manager & Business Line Security Officer | Société Générale Corporate and Investment Banking - SGCIB | 10,000+ |
| CISO | B89 | 1-99 |
| Senior Security Consultant | Co-operative Bank plc | 3000-4999 |
| Technology Risk Management Director - GRC and Quantitative Risk Analysis | AIG Europe | 2000-2999 |
| Financial Crime and Data Protection Consultant | Royal London Group | 2000-2999 |
| UKI Cyber Operations Lead | Aviva | 10,000+ |
| Head of IT and Change | Ipswich Building Society | 100-499 |
| Future Fraud Strategy | Santander | 10,000+ |
| Chief Risk Officer | Credit Suisse | 10,000+ |
| Group Head of Cyber Risk Intelligence | BNP Paribas | 10,000+ |
| Manager Information Security & Resilience \| Operational Risk Oversight | TSB Bank | 5000-9999 |
| Head of Group-wide Security Optimisation | Prudential | 3000-4999 |
| Director of Cyber Security UK | UBS | 10,000+ |
| Technology and Resilience Risk Manager | Close Brothers Group | 2000-2999 |
| Leader Payment Systems | HSBC | 10,000+ |
| Head of IT Risk and Cyber Security | ICBC Standard Bank | 1000-1999 |
| Chief Risk Officer | thinkmoney | 1-99 |
| Acting Chief Information Security Officer, Europe | Great-West Lifeco Europe | 10,000+ |
| GRC Manager | NEST Corporation (National Employment Savings Trust) | 100-499 |
| Senior Advisor, Information Technology | Redwood Bank | 1-99 |
| Manager – Strategy & Intelligence; Investigations, Insider Risk and Data Loss Protection | Lloyds Banking Group | 10,000+ |
| Chief Information Security Officer | Man Group Plc | 1000-1999 |
| Chief Security Officer EMEA region | Mapfre Abraxas | 100-499 |
| Risk Governance Manager (Technology and Cyber) | BNP Paribas | 10,000+ |
| Head of Information Security | Jaja Finance | 1-99 |
| Head of Financial Crime & Compliance Management | NEST Corporation (National Employment Savings Trust) | 100-499 |
| Manager of Security Operations, Engineering & Administration | Great-West Lifeco Europe | 10,000+ |
| Information Security Strategy and Architecture | AIB | 10,000+ |
| Principal Investigations Manager; Physical Security & Investigations | Barclays | 10,000+ |
| Head of IT Strategy, Governance and Reporting | MUFG - Mitsubishi UFJ Financial Group | 10,000+ |
| Senior Specialist Digital Fraud Strategy | NewDay | 1000-1999 |
| Global Head of Information Security | VISTRA | 3000-4999 |
| Information Security Officer | Zenith Bank (UK) Ltd. | 100-499 |
| Vice President IT Risk - Security Architecture Risk Assessment | MSCI Inc | 3000-4999 |
| Director of IT Governance & Risk Manager | Commerzbank | 10,000+ |