Financial Crime World

Cybersecurity Risks Reach Board Level as Experts Warn of Imminent Attacks

The European financial sector is sounding the alarm, warning that cybersecurity threats have reached a critical level and require immediate attention from top-level management and boards of directors. According to experts, the question is no longer if, but when an organisation will be attacked.

The Urgent Need for Cybersecurity Measures

“Cybersecurity is becoming a resilience issue for organisations and, as such, an issue that concerns management and the board of directors, not just IT departments,” says Najia Belbal, independent director and board advisor for cybersecurity. “The cost of a major cyber security incident can be exorbitant, making it essential to invest in preventive measures and response planning.”

  • Allocate 10% of an organisation’s IT budget towards cybersecurity
  • Implement proactive protection and rapid detection and reaction capabilities

Human Error: The Most Common Cause of Successful Attacks

Belbal warns that human error is often the root cause of successful attacks, with hackers targeting vulnerabilities in employee behaviour. “Training your staff is now essential as increased and diversified sabotage attempts are launched against companies through simple emails that an uninformed employee is likely to open,” says Jelena Zelenovic Matone, Chief Information Security Officer at EIB.

  • Staff training and awareness are crucial in preventing attacks
  • Employees must be educated on cybersecurity threats and best practices

Outsourcing: A New Set of Risks

The financial sector’s reliance on outsourcing has also created new risks, with experts urging greater oversight of third-party providers. The CSSF has issued circulars 20/750 and 22/806 to address these concerns, while the DORA regulation requires firms to report all cybersecurity incidents.

  • Increased oversight is necessary for third-party providers
  • Regular security audits and risk assessments are essential

The Global Shortage of Cybersecurity Professionals

Despite efforts to improve cybersecurity, the industry is struggling to recruit sufficient talent. According to the World Economic Forum, there is a global shortage of 3 million cybersecurity professionals.

  • Introduce cybersecurity aspects into higher education from the outset
  • Encourage young people to consider specialising in this field

Conclusion

As the threat landscape continues to evolve, financial institutions cannot afford to drop their guard. With cybersecurity risks reaching board-level attention, it is essential that organisations take proactive measures to prevent and respond to attacks, prioritising staff training, awareness, and talent development in this critical field.

  • Allocate sufficient resources to cybersecurity
  • Implement effective security measures and response plans
  • Educate employees on cybersecurity best practices