Banks just can't find enough cyber-security talent
Banks are desperate to hire cyber-security professionals and a shortage of talent means they're looking outside of the financial services industry. Goldman Sachs turned to the White House for its new cyber-security lead, while Morgan Stanley hired a counter-terrorism expert and BNP Paribas recruited from consulting.
A new survey by Deloitte suggests that financial services organisations are both stepping up cyber-security initiatives and encouraging their staff to behave more ethically.
“Cyber talent continues to be in short supply, especially when it comes to quality hires and in areas like advanced threat management,” said Vikram Bhat, a principal and the head of the financial services cyber risk services team in the risk and financial advisory practice at Deloitte. “Firms are poaching from one another and the government. There are new areas emerging when it comes to talent needs in this area: analytics, data science and machine learning, among others,” he said.
Only 42% of Deloitte survey respondents said they considered their employer to be extremely or very effective in managing cyber-security risk. However, when asked which risk type would increase in importance for their firm over the next two years, respondents ranked cyber-security among the top three most often, at 41%.
Financial services executives have been increasingly concerned about improving their firm’s management of cyber-security risks – in part because the issue has been receiving greater attention from regulators and policy-makers, says Deloitte.
The report notes the wide range of cyber-risks that banks and other financial services firms must contend with, including attacks on operating systems; locking users out of their computers and data; theft or corruption of data and systems; and release of confidential data, intellectual property or corporate strategy.
Banks, securities companies and asset management firms, including hedge funds, as well as payment and clearing systems, are prime targets for cyber-criminals looking to steal money or data, or compromise critical infrastructure. Deloitte reported that the large amounts of money involved and the increased use of online and mobile banking spur on such cyber-crime.
Deloitte estimates that the number of cyberattacks against financial institutions is around four times greater than those targeting companies in other industries.
Last year, the New York State Department of Financial Services (DFS) proposed “first-in-the-nation cyber-security regulation,” prescriptive cyber-security requirements for banks and insurers.
In addition, the U.S. Federal Reserve, the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC) gave advance notice of a rule-making proposal to require enhanced cyber risk management and resilience standards for large banks, which may lead to a more formal proposed rule in 2017.
The regulators in the European Union are expected to follow suit, meaning that banks on both sides of the pond will have to enhance their cybersecurity protections by adding headcount.
“There is an opportunity here for growing grassroots talent,” Bhat said. “There’s also the opportunity for cross-training in a meaningful way: Industry and government can do more, and do better, to create the environment and funding [to cultivate cybersecurity talent].”