Cyber: Build resilience and reduce threats

Improve your bank’s response against emerging cyber threats.

The banking industry faces several challenges due to recent economic, geopolitical and regulatory developments. KPMG has identified the top 10 issues facing banks in 2022 and beyond, and in this article we examine the topic of cyber.

A persistent and sophisticated threat

Regulators have called cyber risk the foremost risk to financial stability – and the Administration has called it a persistent and increasingly sophisticated threat that weighs heavily on governments and financial services companies alike. Given the highly interconnected nature of the banking sector and its dependencies on critical third-party service providers, all participants in the financial system must implement risk mitigation and resilience initiatives relative to both frequency and impact of cyber threats. Current or emerging threats include malware (e.g. ransomware), supply chain risk, and sophisticated distributed denial of service attacks.

Taking Action in 2022 - Cyber

Evolve your customer and enterprise identity and access management programs to ensure appropriate preventions against the latest account takeover threats.

Increases in data transfer sophistication have widened the array of entry points to a bank’s assets and consumer data, expanding the number of attack vectors for malicious actors. Weak access management and authentication controls provide opportunity for cyber attackers to leverage compromised credentials to access the same resources and data that legitimate users can.

Use orchestration and automation to augment limited cyber security resources and improve your speed to respond.

Banks need to continue to enhance their cyber security capabilities. Security orchestration, automation, and response (SOAR) tools combine to allow companies to collect data about security threats from multiple sources, initiate a response with limited human interaction, and coordinate post-incident reporting and information sharing. Benefits include faster detection and reaction, broader threat context, integrated data management safeguards, and lower costs.

Identify, manage and protect the bank’s information assets (throughout the data management lifecycle) by embedding “privacy by design” and automating data protection.

Banks are collecting increasing amounts of customer data to feed predictive analytics, personalize marketing campaigns, and introduce/improve products and services. Consumers, for the most part, are increasingly concerned about how their information is being collected, used, and protected. “Privacy by design” principles set a baseline for robust data protection by embedding privacy into the design, operation, and management of new applications, including IT systems, AI platforms, and digital business practices, with the goal of preventing privacy vulnerabilities.

Shifting to a higher gear
Download the full report to learn about all of the key issues impacting banks in 2022 and beyond

Connect with KPMG

Matthew P. Miller

Matthew P. Miller

Principal, Advisory, Cyber Security Services, KPMG US