Financial Cybersecurity Risk Management by Paul Rohmeyer & Jennifer Bayuk – Springer – APRESS

Leadership Perspectives and Guidance for Systems and Institutions

Foreword
A major deterrent to achieving a strong cybersecurity posture in the financial services industry is the inability to understand and manage the risk to critical systems and sensitive information. IT security leaders in financial services are keenly aware that recent well-publicized mega breaches and new cybersecurity regulations such as the New York State Department of Financial Services 23 NYCRR 500 are creating a sense of urgency among CEOs and boards of directors to address the threats facing their organizations.
Authored by Dr. Paul Rohmeyer, Program Director of the renowned Master of Science in Information Systems in the Stevens Institute of Technology School of Business, and Dr. Jennifer Bayuk, cybersecurity researcher and former cybersecurity executive, Financial Cybersecurity Risk Management offers valuable guidance on how to manage cybersecurity risk at the enterprise level. It is unique in its specific focus on the challenges financial organizations face, including those involving governance and culture.
The analysis begins with a thorough examination of the threat landscape in the financial services industry and the importance of understanding technology and human vulnerabilities. These vulnerabilities include the plethora of mobile devices in the workplace and the growing frequency and severity of Business E-mail Compromises (BEC). According to a recent Ponemon Institute study, 79 percent of companies represented in the research say they certainly or likely experienced a serious data breach or cyber attack during the past 12 months, such as phishing or business e-mail compromise. More than 53 percent of respondents in the study say it is very difficult to stop BECs.
Financial Cybersecurity Risk Management also discusses the consequences of data breaches when high-value assets are targeted. The findings from a Ponemon Institute study are consistent with the authors’ assessment that not safeguarding these assets will have serious consequences. According to the research, the cost to recover from an attack against high-value assets can average $6.8 million.
Once organizations understand their risk, the question posed is “How do I Manage This?” According to the authors, decision makers need to understand and communicate how technology supports strategy and how the enterprise governance function can help achieve a strong cybersecurity posture. Financial Cybersecurity Risk Management concludes with the potential cybersecurity implications created by new technologies that improve the customer experience and emerging standards that will result in increasing scrutiny of the financial services industry.
Given the mounting need to make cybersecurity a priority, Financial Cybersecurity Risk Management can be key to preparing financial organizations to think long-term and understand the investments they should be making in people, process, and technologies to prevent a catastrophic data breach or cyberattack. I strongly recommend Financial Cybersecurity Risk Management to IT and IT security professionals as well as to boards of directors and CEOs.

—Dr. Larry Ponemon
Chairman and Founder
Ponemon Institute
