The cost of a cyberattack in the banking industry is reaching $18.3 million annually per company according to the Accenture and Ponemon Institute report “Unlocking the Value of Improved Cybersecurity Protection”. With these skyrocketing claims it’s no surprise that the Basel Committee on Banking Supervision, a leading worldwide authority, is putting definition around expected principles.
In its recently published Principles for Operational Resilience report, the Basel Committee “seeks to promote a principles-based approach to improving operational resilience. The principles aim to strengthen banks' ability to withstand operational risk-related events that could cause significant operational failures or wide-scale disruptions in financial markets, such as pandemics, cyber incidents, technology failures or natural disasters.”
One principle near and dear to Dataprise as well as our banking clients is Principle 7, which looks at information and communication technology (ICT) and specifically cybersecurity. This principle states that “banks should ensure resilient ICT including cyber security that is subject to protection, detection, response and recovery programs that are regularly tested...”
Two key areas that the Basel Committee expands upon are operation resilience expectations around:
- Banks having documented ICT policies that cover cybersecurity including:
- Governance and oversight requirements
- Ownership and accountability
- Security layers and policies including, but not limited to, access controls, asset protection and identify management
- Assessments & monitoring of security policies
- Incident response plans
- Disaster recovery and business continuity plans
- Banks identifying their critical information assets and the infrastructure upon which they depend including:
- Prioritizing cybersecurity efforts based on an ICT risk assessment and banks critical operations
- Developing plans and implementing controls to maintain the integrity of critical information in the event of a cyber event, such as secure storage and offline backup on immutable media of data supporting critical operations.
- Regularly evaluate the threat profile of critical information assets, test for vulnerabilities and ensure resilience to ICT-related risks.
Dataprise works with banks across the United States on cybersecurity and operational resiliency initiatives. Reach out to speak with one of our consultants.