Cyber Risk Management - A Top Priority for Capital Markets Firms
capitalmarketsciooutlook

Cyber Risk Management - A Top Priority for Capital Markets Firms

By Capital Markets CIO Outlook | Monday, August 26, 2019

With accurate information and a complete view of the risk landscape, capital market firms can make timely and well-informed decisions to adapt to potential security threats and emerging market opportunities.  

FREMONT, CA: The risk and impact of cyberattacks on the capital markets sector are increasing, and the industry is looking for innovative ways to address them. The growth of security solutions is outpacing IT spend due to the rapid proliferation of digitalization, increasing regulations on security, risk and data privacy, and the growing volume of cyber threats. Also, there is a surge in the number of threat vectors and vulnerabilities in enterprise networks, which increases cybersecurity risk exponentially. 

Any financial institutions, including capital markets firms, are not immune to this risk of increasing reliance on information technology and accelerating pace of digitalization of the market. The risk and exposure can be multi-fold, both direct operational and financial. This is due to the damage caused by cyberattacks or reputational risks and financial penalties from regulators who are increasingly adding to the infrastructure and compliance requirements around cybersecurity. 

Cyber threats in capital markets may lead to manipulation of order management systems leading to incorrect feeds, false orders/ non-submissions, and corruption of trade surveillance systems, thus enabling manipulative, illegal and abusive trade practices. All this can trigger automated rogue trading strategies, thereby increasing the chance of flash crashes. The cybersecurity landscape for asset and wealth management firms is also fraught with an array of threats aimed at stealing or compromising clients’ investment or personal data.

Managing cybersecurity in this digital age requires a vastly different approach from traditional methods of preserving security. The need is to create a multi-disciplinary approach that combines risk and compliance, IT, and security capabilities and deliver platforms that address the broad security requirements of an organization. The security platforms typically cover several solutions that span across core security domains, operations, audit, and analytics. The advantage of the platform-based approach is the ability to bring specialization in fundamental building blocks to cybersecurity along with the standardization of policies and procedures.

Cyber threats are growing in severity, thereby making traditional approaches to security less effective. Along with an increased focus on updating patch management and stronger third-party risk and compliance procedures, emerging technologies like cloud, artificial intelligence, machine learning, robotic process automation, and big data can help with more effective cybersecurity strategies. The use of sequential hashing and cryptography in blockchain and decentralized structure is making it possible to alter any data on the ledger, thus protecting client data and trade information and making it nearly impossible for hackers to attack.

Artificial intelligence and machine learning algorithms help in fast detection of threats and limiting their spread by identifying unusual patterns. They also help in keeping pace with the continuously changing threat landscape by training algorithms on new trends. Robotic process automation helps in lowering security-related efforts associated with employee training on security policies and practices as it provides a zero-touch environment.

Cloud is reaching a detectable maturity level in the capital markets industry. Capital markets firms should proactively address the risks associated with cloud computing and map regulatory requirements with their cloud approach to ensure resilience, availability, and disaster recovery capabilities. Cloud-based security solutions contribute to on-prem solutions with low maintenance costs, high availability, and advanced analytics. Besides the cloud, big data is being used to identify cyber-attack trends from the vast amount of security data mined across devices. One of the emerging technologies in this field of analytics is UEBA (User and Entity Behavior Analytics) which takes note of the reasonable conduct of users and detects deviations from standard patterns using machine learning, algorithms, and statistical analyses.

Capital markets enterprises operate in a highly regulated and increasingly competitive, and budget-constrained market. At the same time, firms are still expected to establish an operating model that allows analysis and surveillance while avoiding barriers to the core business.

Weekly Brief