Canada’s banks are well aware of the critical importance of cybersecurity, but need to enhance their approach to the evolving, multi-faceted issue, suggests a new report from PricewaterhouseCoopers LLP (PwC Canada).
Cybersecurity is a top concern throughout the industry, according to PwC Canada. It reports that more than half (52%) of financial industry executives see cybercrime as the biggest criminal threat facing their firms over the next 24 months, and 93% of bank and capital markets CEOs are already investing in enhanced cybersecurity.
Despite these high levels of awareness and action, PwC Canada says that the banks must contend with a variety of challenges including, “increasingly sophisticated adversaries, rapidly evolving technologies, and multiple regulatory requirements.”
These factors are prompting the need for banks to revisit their approach to security, and to “augment traditional controls with more layered and advanced controls,” it says.
The report stresses that banks must consider internal, external and regulatory factors as they assess their cybersecurity preparations. Internal drivers may involve organizational changes, banks’ evolving digital services, acquisitions and partnership arrangements. External considerations include everything from technology to the shifting geopolitical landscape. And, regulatory demands remain an ongoing concern, particularly for banks that operate in multiple jurisdictions.
PwC Canada says that banks also must take account of their relationships with fintech firms, and any joint initiatives, to ensure that firm-wide cyber risks are properly understood and addressed.
“In order to execute on innovation while maintaining trust in the digital economy, banks need to pursue two parallel strategies – cyber risk agility and resiliency,” says Sajith Nair, partner, cybersecurity and privacy at PwC Canada. “Cyber risk agility to build a flexible cyber risk framework that can anticipate and prepare for innovations that bring longer-term success. Cyber risk resiliency to withstand potential cyber risk events from these innovations and keep the business moving toward its goal.”