As a security and risk professional, I am often asked ‘how much security is enough?’ Seems a simple enough question, but it manages to trip so many people up in terms of an answer. So what is the right answer? Is there a nice sound bite that one can give? Well, not really.
In a dynamic environment such as ours of increasing security threats, firms have a big challenge on their hands to ensure they continue to:
A day rarely passes without a press report relating to a security issue. All financial services organisations now face greater security threats to their people, assets and operations from such diverse sources including:
The level of complexity involved in managing such a diversity of threats means that cyber security has become a significant and increasing cost of doing business. The challenge is to develop a holistic approach to security management which responds to each of these demands in a coordinated, cost effective, and efficient way.
Where are firms focusing their infosec investment?
Our larger clients are spending millions in transforming their security functions and improving their security management practices across a range of areas, including:
For many of our clients, this investment represents a significant shift away from the manner in which they have traditionally managed security. It is also placing huge demands on their security teams to develop new management skills, and it also places demand on their partners and service providers, including us.
The best fit model
We’re seeing it becoming more common for organisations to strive for a “best fit” solution as opposed to obtaining “best practice” in every security matter. It’s about being commercial and pragmatic in the way security is managed. Conforming to best practice is an extremely expensive exercise that does not necessarily deliver business benefits equal or greater to the expenditure required to get there.
A best fit model is about understanding what the risks are, and applying the most appropriate risk mitigation strategy to reduce them, as opposed to applying the best practice processes regardless of the associated risk.
So how much security is enough? A good place to start is to identify the top risks your business is likely to face and find commercially pragmatic solutions that remediate those risks. And that’s exactly what firms must be focused on doing right now.
How to win and retain clients in a digital age where loyalty is getting harder to achieve.
How to make lifestyle planning a successful and profitable part of your advice proposition.
A decisive shift is happening and planning for it now is critical.
We profile five of our exceptionally talented women from around the world.
What every wealth and investment firm needs to put at the centre of its strategy.
It's a major change but is taking financial services in the right direction.
Chris Pitt discusses which areas of GDPR are the most important for an adviser business to consider.
What will shape the delivery of financial services in 2018?
'Tis the season for giving so here's three of our most popular insight pieces all wrapped up.
With regulation constantly changing, how can financial services ever keep up?
With the pressure to be ‘digital’, is your approach strategic, or just tactical?
Find out what happened when we put two of our favourite technologies together.