Securing Financial Services

“Room for improvement” in banking cybersecurity

22nd January 2025 • Park Plaza Victoria, London, UK

The ECB didn’t say much about its recent stress tests, but banks need to do better. Which gaps need to be filled?

 

More investment in security and resilience needed, say regulators

"The results of the stress test are insightful and showed that while banks do have high-level response and recovery frameworks in place, there is still room for improvement," said Anneli Tuominen, an ECB supervisory board member.

Now, the test didn't probe banks' ability to prevent cyberattacks, it started with an assumed core database encryption and so tested resilience and business continuity.

But it found that many banks couldn't meet their recovery time deadlines and lacked centralized inventories of business processes and associated IT assets.

It was also clear that the industry largely still lacks established processes for quantifying economic impact holistically. And there seemed to be a lack of end-to-end testing of both technical and banking processes using serious scenarios.

Interestingly, the ECB showed concern that banks depend very significantly on external providers. This seems an obvious statement, given banks dependence on Cloud and on hundreds of specialist tech companies in areas from cybersecurity to compliance to the fight against financial crime and fraud, as well as to operate their core banking systems.

The financial service industry is often held up as an example of best practice in security and resilience, both because it is heavily regulated and because financial firms generally have the budgets to buy that best practice.

Yet the ECB believes that much more needs to be done to “raise awareness internally about existing cyber” and that “banks need to prioritise investment in cybersecurity and treat it as a vital strategic component that underpins their operational resilience”.

With DORA here now there exists “a robust framework that will require banks to step up their efforts to foster a culture of continuous cyber risk management.”

So

  • Where must banks focus their security and resilience efforts now?
  • Do they need to change the way they think about security – are processes the new crown jewels not data?
  • If they can’t determine damage then how can they evaluate the ROI of security programmes?

 

Securing Financial Services will look at how leading institutions are continuing to develop their security and resilience programmes.
Join our real-life case studies and in-depth technical sessions from the security and privacy teams at the UK and Europe’s most sophisticated firms.

View details of the previous event

  • Reining in third parties

    • Resilience and security increasingly come down to key dependencies outside the organization.
    • With on prem tech the past and Cloud and external IT the future, how do organisations ensure security when they rely on vendors who are vulnerable but above leverage with even their biggest clients?
    • How do we solve the third-party problem?

  • Securing the technologies of the future

    • Quantum computers, web3, multiple types of distributed ledger technology, augmented and virtual reality, the Metaverse, AI-driven applications and even organisations, automation as a service
    • These technologies are happening now and they all have security implications
    • Who is thinking about how to secure future tech?

  • Where does AI make most sense?

    • With AI being the key to automation, new XDR solutions, SOC overload, etc. It can help derive better insights from threat intelligence and create better, smarter anomaly detection in network traffic or alert datasets. 
    • It may deliver better malware identification or detection of lateral movement and so help with ransomware.
    • Where is the proof that any of this is working?

  • From cybercrime to cyberwar

    • Blurred lines between cyber-spies, cybercriminals and cyber-armies have transformed the (in)security landscape
    • Nation-state exploits are now widely available
    • How can the various elements of government work better with private sector solution providers and endusers to build security that can cope with not-quite-nation-state attackers?

  • The rise and rise of effective cybersecurity regulation

    • Data privacy is only a small part of the picture.
    • Regulators are looking at operational resilience in key sectors like finance – securing the wholesale payments market is a priority and others will follow.
    • They are looking at disclosure and fining the miscreants. How to comply with new regimes?

  • From Cloud security to Cloud incident response

    • Recent Cloud outtages have disrupted low-level infrastructure
    • They have also disabled cybersecurity solutions and sometimes shut down corporate access to critical network assets
    • As well as managing Cloud security, CISOs need good Cloud incident response. How are they going about it?

Who Attends

Job titles

Cyber Threat Intelligence Relationships Manager
Security Architect
Cyber Analyst
Software engineer
Senior Information Security Analyst
Third Party Risk Lead
Project Manager
Infrastructure Project Principal
Head of Security Risk & Compliance
Chief Technology Officer
Chief Information Security Officer
Financial crime Executive
PCI DSS Support Function Manager
Cyber Analyst – Resilience
Lead Operational Risk Framework Manager
Lead Security Engineer
Business Security Consultant
CSO Risk & Controls
Lead Devops Analyst
CISO
IT Director
Senior Cyber Specialist
Cyber Security Engineer
Chief Risk Officer
Cyber Security Manager
Senior Internal Audit Manager
Technology & Cyber Risk Manager
Associate Director- EIOD IT Information Security Officer
Fraud Analyst
Information Security Officer
Senior Systems Engineer
IT Support Analyst
CIO and CISO
Head of Risk
Director - Technology and Cyber Risk
Vice-President Technology - Operational Resilience and 3rd Party Risk Oversight
Chief Technology Risk Manager, Head of Information Security & Data Privacy
Vice President, Technology and Cyber Risk Oversight
Head of Tech Ops & Cyber
Senior Information Security Officer
Executive Director, Europe
CTO
Secure Development Manager
Head of Audit
Head of Information Security
Principal Cyber Threat Intelligence Analyst
Head of IT Risk Governance
Manager - IT
Head of Infrastructure
Global Head Cyber Incident Response
Head of IT Security
Senior Cyber Security Engineer
Senior Information Security Governance, Risk & Compliance Analyst
Cyber Threat Intelligence Manager; Tactical & Operational
VP - Cyber Fraud Fusion Centre
Senior Investigator
Global Resilience Risk Specialist, Cloud Senior Manager
Senior Advisor Information Technology
Information Security Manager
Director of Business Information Security
Director of Technology
Director Business Information Security (BISO)
Chief Administration Office - Data Protection & Information security
Cyber Risk Consultant
Security Assurance Team Leader
Director - Fraud Investigations
Head of IT
Information Security and Data Protection Officer
DPO
Chief Information Security Officer
Security Engineer Architect
IT Security Analyst
Head of R&D and Engineering Cyber Fraud Fusion Centre
Enterprise Solution Architect
Head of Technology and Cyber Resilience Risk Oversight
InfoSec Analyst
Information Security Manager
Head of Digital CyberSecurity
Investment Adviser, UK and Ireland
Trade Advisor
CISO
Cyber Security Manager
Senior DevOps Manager
Head of IT & IS
IT Infrastructure & Security Manager
Director, Security Controls Services
VP, Cyber Investigations
Group Head of Information Security and Cyber Risk
Program Manager - Customer Identity and Access Management
Head of Internal Audit
Product security Lead VP
Head of Cyber Intelligence
Information Security Communications & Education Manager
Information Security
Vulnerability Lead Analyst
Security Architect
Technical Architect Cloud Security
Third Party Risk Consultant
Information Security Specialist
Privacy Officer
Head of Cyber Risk Intelligence, Insider Technology Risk and Digital Asset Risk
Cyber Manager
IT Security Analyst Specialist
Senior Manager - Digital Transformation
Vice President - IT Operations
International CIO
Lead - Ops/Tech Risk CA
Associate Director - Infrastructure Risk Management
Information Security Principal
Security Architect
Cyber Security & Operational Resilience Manager
Chief Risk Officer
Vice President, EMEA & UK/I for Cyber Hygiene
Information Technology Audit Manager
Network Security Architect
GRC Manager
Cybersecurity Compliance Manager
Director - Information Security Operations and Threat Intelligence
Senior Special Agent - Global Security
Cyber Security Risk Associate
Executive Director, Cybersecurity & Technology Control Governance & Program Management
Chief Information Security Officer
Business Information Security - Chief Information Security Office
Security Architect
Senior Director, Global Security Operations
Consultant
Senior Security Specialist
Cloud Security & DevSecOps Consultant
IT Audit Manager
Head of IT
Security Analyst
Infosec Analyst
CISO - Corporate Functions
Manager – Strategy & Intelligence; Investigations, Insider Risk and Data Loss Protection
Information Security Officer
Vice President, EMEA Regulatory Engagement Team
IT Manager
Resilience Risk Senior Digital Manager

Organisations

MasterCard
Santander
Bank of England
Man Group Plc
US Bank
Financial Services Information Sharing and Analysis Center (FS-ISAC)
African Development Bank (AfDB)
European Bank for Reconstruction & Development (EBRD)
AXA XL
Allianz
LV=
CIMB
NatWest Group
Pay.UK
Metro Bank
Beacon Platform
Mizuho
Credit Suisse
LSEG (London Stock Exchange Group)
NorthStandard
Specialist Risk Group
British International Investment
Lloyds Banking Group
OakNorth
Alpha Group (Alpha FX)
Pepper Money UK
Allianz
Mizuho
NatWest Group
First Abu Dhabi Bank
Suffolk Building Society
AEGIS London
Bibby Financial Services
Atomos
OakNorth
MUFG - Mitsubishi UFJ Financial Group
Natixis
MUFG - Mitsubishi UFJ Financial Group
Triple Point
Weatherbys Bank
Financial Services Information Sharing and Analysis Center (FS-ISAC)
Oxbury Bank Plc
HSBC
NatWest Group
Salary Finance
LSEG (London Stock Exchange Group)
Bupa Global
StreamBank
UnityLink Financial Services Limited
S&P Global
Kroo Bank
Bank of England
Legal & General
Fidelity International
Barclays
M&G plc
HSBC
Redwood Bank
AXA
LSEG (London Stock Exchange Group)
Financial Wellness Group
LCH
Commerzbank
Zurich Insurance Group
MarkerStudy
American Express
Europe Arab Bank
Allica Bank
Metro Bank
Beazley
Standard Bank Group
Financial Services Compensation Scheme (FSCS)
Barclays
Embark Group
abrdn
Legal & General
Legal & General
Lloyds Banking Group
Business France
Business France
Orbital
Royal London
LSEG (London Stock Exchange Group)
Suffolk Building Society
Alpha Bank
LSEG (London Stock Exchange Group)
Barclays
Bank of Ireland
UBS Group
Pepper Money UK
JPMorgan Chase & Co.
Envelop Risk Analytics Ltd
Allianz Holdings Plc
Natixis
MasterCard
Santander
Munich Re
Provident Financial Group
Vanquis Bank
Raymond James Financial
BNP Paribas Group
Pay.UK
FIS Global
Santander
Intellect Design Arena Ltd
Jefferies
Credit Suisse
Royal Bank of Canada (RBC)
European Bank for Reconstruction & Development (EBRD)
LSEG (London Stock Exchange Group)
NorthStandard
Credit Suisse
Deutsche Bank Group
MUFG - Mitsubishi UFJ Financial Group
Deutsche Bank Group
Moneycorp
HSBC
MasterCard
American Express
Mizuho
JPMorgan Chase & Co.
Allica Bank
Deutsche Bank Group
Insight Investment Management
Planet
Multigate
Mizuho
FIS Global
M&G plc
Union Bank UK
StoneX Group Inc.
Verto Fx
Credit Suisse
Lloyds Banking Group
Landesbank Baden-Württemberg
JPMorgan Chase & Co.
DorisIT
HSBC

Company headcount

5000-9999
100-499
3000-4999
10,000+
10,000+
10,000+
100-499
100-499
10,000+
100-499
10,000+
10,000+
100-499
10,000+
5000-9999
3000-4999
3000-4999
10,000+
10,000+
10,000+
10,000+
100-499
1000-1999
100-499
10,000+
500-999
2000-2999
1000-1999
1000-1999
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
1-99
500-999
1-99
3000-4999
3000-4999
100-499
5000-9999
100-499
100-499
100-499
100-499
5000-9999
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
500-999
1000-1999
3000-4999
10,000+
10,000+
10,000+
100-499
1000-1999
5000-9999
5000-9999
5000-9999
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
5000-9999
5000-9999
5000-9999
2000-2999
1000-1999
10,000+
10,000+
10,000+
3000-4999
3000-4999
10,000+
10,000+
10,000+
10,000+
500-999
10,000+
10,000+
10,000+
1-99
10,000+
10,000+
10,000+
10,000+
10,000+
10,000+
100-499
100-499
500-999
500-999
100-499
1-99
100-499
100-499
100-499
100-499
2000-2999
2000-2999
5000-9999
1-99
10,000+
2000-2999
10,000+
100-499
10,000+
10,000+
10,000+
500-999
10,000+
3000-4999
100-499
100-499
100-499
100-499
10,000+
1-99
100-499
10,000+
1000-1999
1-99
100-499
10,000+


Venue

Park Plaza Victoria, London

vpp

Location:
Park Plaza Victoria
239 Vauxhall Bridge Road, London, UK, SW1V 1EQ
Telephone: 0333 400 6140

Directions:
Please click here