How Financial Organisations can Improve Cybersecurity
How Financial Organisations can Improve Cybersecurity
BFSI sector, NCIIPC
The financial industry experiences 35 percent of all data breaches. It houses high-value data and assets that are attractive to attackers for obvious reasons. The US National
Institute of Standards and Technology (NIST) divide financial institutions into four levels of cybersecurity maturity.
Partial: At this level the organisation cybersecurity risk management practices aren’t formalized and risk is managed
in an ad hoc (and sometimes reactive) manner.
Informed: This maturity level is characterized by institutions where management has approved risk management
practices, but these practices are not established as policy across the organization.
Repeatable: At this maturity level, an organization’s risk management practices are formally approved and expressed
as policy.
Adaptive: At this highest maturity level, organizations adapt cybersecurity practices “based on lessons learned and
predictive indicators derived from previous and current cybersecurity activities.”
Forbes advises financial institutions to apply some thought to three different steps to verify greater data security and minimize
legal exposure. Firstly, they ought to draft internal policies, procedures and contractual provisions associated with the
investigation, and remediation and reporting of breaches. Next, institutions should obtain appropriate insurance sum for various
varieties of cyber risks and consider the adequacy of existing insurance programs. Not only will this help to mitigate risk if an
institution is successfully attacked, but organizations may end up proactively improving their cybersecurity environments
because it is the easiest way to increase coverage or lower their premiums. Finally, financial institutions should seek out thirdparty cybersecurity partners that will help them manage their security environments and forestall data breaches
References:
[1] https://biztechmagazine.com/article/2020/01/how-financialservices-firms-can-improve-cybersecurity
No comments:
Post a Comment