A new survey of risk officers at financial institutions has found that less than half of respondents consider their institutions to be effective in managing cybersecurity risk, and even less effective when it comes to newer types of risk.
Just 42 percent of the survey’s respondents, who work for firms including banks, insurers, and investment managers, think their firms are either “extremely” or “very” effective at managing cybersecurity risk, according to Deloitte’s tenth annual global risk management survey, published Thursday. The survey encompasses the responses of 77 global financial institutions representing $13.6 trillion in total assets.
The consulting firm’s findings follow a spate of high-profile cases of hacking and security breaches at financial institutions and warnings by security experts of growing threats in this area. Deloitte’s survey reveals that the main obstacle to managing cybersecurity risk is hiring skilled cybersecurity professionals. Fifty-eight percent of respondents cited this as a challenge, and 57 percent mentioned getting actionable, or real-time threat intelligence as a problem.
“You need a good combination of analytical (quant) people, especially for advanced analytics and big data,” said the chief risk officer of a financial services company in the survey. “But you need people who do not blindly do advanced analytics. You need business insight and business judgement as well.”
With regard to traditional risk types, however, about 80 percent or more of those surveyed viewed their institutions as extremely or very effective at managing risks around traditional areas such as liquidity, underwriting, and asset and liability. With more modern risks like managing model and data integrity, 40 percent or fewer of the respondents believed their institutions effectively handled the risk.
The Deloitte survey also reported a steep drop in the number of respondents who said their bank or firm was effective at managing geopolitical risk. With heightened political uncertainty across the globe, just 28 percent of those surveyed said institutions could manage geopolitical risk, down from 47 percent in 2014.
