As a security and risk professional, I am often asked ‘how much security is enough?’ Seems a simple enough question, but it manages to trip so many people up in terms of an answer. So what is the right answer? Is there a nice sound bite that one can give? Well, not really.
In a dynamic environment such as ours of increasing security threats, firms have a big challenge on their hands to ensure they continue to:
A day rarely passes without a press report relating to a security issue. All financial services organisations now face greater security threats to their people, assets and operations from such diverse sources including:
The level of complexity involved in managing such a diversity of threats means that cyber security has become a significant and increasing cost of doing business. The challenge is to develop a holistic approach to security management which responds to each of these demands in a coordinated, cost effective, and efficient way.
Where are firms focusing their infosec investment?
Our larger clients are spending millions in transforming their security functions and improving their security management practices across a range of areas, including:
For many of our clients, this investment represents a significant shift away from the manner in which they have traditionally managed security. It is also placing huge demands on their security teams to develop new management skills, and it also places demand on their partners and service providers, including us.
The best fit model
We’re seeing it becoming more common for organisations to strive for a “best fit” solution as opposed to obtaining “best practice” in every security matter. It’s about being commercial and pragmatic in the way security is managed. Conforming to best practice is an extremely expensive exercise that does not necessarily deliver business benefits equal or greater to the expenditure required to get there.
A best fit model is about understanding what the risks are, and applying the most appropriate risk mitigation strategy to reduce them, as opposed to applying the best practice processes regardless of the associated risk.
So how much security is enough? A good place to start is to identify the top risks your business is likely to face and find commercially pragmatic solutions that remediate those risks. And that’s exactly what firms must be focused on doing right now.
Retirement is no longer a one-and-done decision says Chris Pitt.
You don't have to be a fintech to run a hackathon but you do need to get it right.
Henry Woodcock on what it really means to be digital.
Henry Woodcock comments on CML gross lending figures for May.
It's not just humans who go through a midlife crisis, says Mark Loosmore.
Henry Woodcock comments on CML gross lending figures for April.
We're gearing up for the third annual Global Hackathon – a high energy, fast paced, pizza-fuelled event spanning five continents and multiple time-zones.
How can wealth managers be more flexible, responsive, personalised and deliver ever greater ‘value’ for clients?
Henry Woodcock discusses digital transformation in financial services: Is this just a fad to get businesses investing in more technology?
Henry Woodcock comments on CML gross lending figures.
A ‘tripped fuse’ in an advice business could manifest as a less than optimal customer experience.
The 2017 IRESS Intermediary Mortgage Survey is out. Henry Woodcock talks us through the findings