As a security and risk professional, I am often asked ‘how much security is enough?’ Seems a simple enough question, but it manages to trip so many people up in terms of an answer. So what is the right answer? Is there a nice sound bite that one can give? Well, not really.
In a dynamic environment such as ours of increasing security threats, firms have a big challenge on their hands to ensure they continue to:
A day rarely passes without a press report relating to a security issue. All financial services organisations now face greater security threats to their people, assets and operations from such diverse sources including:
The level of complexity involved in managing such a diversity of threats means that cyber security has become a significant and increasing cost of doing business. The challenge is to develop a holistic approach to security management which responds to each of these demands in a coordinated, cost effective, and efficient way.
Where are firms focusing their infosec investment?
Our larger clients are spending millions in transforming their security functions and improving their security management practices across a range of areas, including:
For many of our clients, this investment represents a significant shift away from the manner in which they have traditionally managed security. It is also placing huge demands on their security teams to develop new management skills, and it also places demand on their partners and service providers, including us.
The best fit model
We’re seeing it becoming more common for organisations to strive for a “best fit” solution as opposed to obtaining “best practice” in every security matter. It’s about being commercial and pragmatic in the way security is managed. Conforming to best practice is an extremely expensive exercise that does not necessarily deliver business benefits equal or greater to the expenditure required to get there.
A best fit model is about understanding what the risks are, and applying the most appropriate risk mitigation strategy to reduce them, as opposed to applying the best practice processes regardless of the associated risk.
So how much security is enough? A good place to start is to identify the top risks your business is likely to face and find commercially pragmatic solutions that remediate those risks. And that’s exactly what firms must be focused on doing right now.
With the pressure to be ‘digital’, is your approach strategic, or just tactical?
Find out what happened when we put two of our favourite technologies together.
They’re calm, super-efficient, resilient, and rumour has it, they’re happier too. Here's why...
Why fostering diversity can drive innovation and be a real differentiator for business.
IRESS enables skills development through the St Angsars IT Lab
Shaun Nicholson gives insight into financial markets.
Barbara Arnold gives insight into market data.
Stuart Campbell highlights IRESS product news.
Cameron Wood, Wealth Business Partnerships Manager, discusses the necessity of Financial Services Software Integration
Ridwaan Kharva, Head of FM Product SA , discusses multi-markets in South Africa
Is the world ready for what could be the biggest market structural overhaul in history?
How real-time collaboration is enabling global teams to innovate and improve agility.