In the session, Margaret Harwood Jones, global head of securities services transaction banking at Standard Chartered, and moderator of the panel, asked the audience of network management professionals whether they believe cyber crime is going to be the source of the next financial crisis.
More than half of respondents, 54 percent, answered with ‘highly likely’, while a further 17 percent said this is ‘inevitable’.
This is compared to 7 percent who said ‘not likely’, and 22 percent who answered ‘maybe’, conceding that cyber crime is a business risk.
Harwood-Jones quotes statistics from a new Standard Chartered white paper, saying cyber security is now considered one of the top three risks for banks. She added that the cost of cyber breaches is currently estimated at an excess of $500 billion, and expected to increase to more than $2 trillion by 2020.
Jamie Woodruff, chief technology officer of Metrix Cloud, suggested that firms tend to focus on the robustness of their infrastructure, forgetting about the “personal side to cyber security”.
He called humans the industry’s first and last line of defence, adding: “we don’t really train them adequately.”
The panel also discussed the issue of legacy technology as contributing to cyber risk. Phil Mort, executive director of J.P. Morgan, said the industry tends to talk about legacy technology “as if it’s an inevitability”.
“It’s not,” he said. “We choose to have legacy technology.”
Patrick Wheeler, a self-proclaimed ‘cyberpreneur’ added that, typically, IT departments tend to focus on their own businesses within an institution. However, networks are interconnected, and this is the “true legacy problem”.
While Wheeler sympathised with the complexity of the work required from project managers and IT managers in order to address this issue, he said: “It’s surprisingly hard, but there’s no excuse not to do it.”
Finally, Mort noted that, as cyber attacks evolve, the long term challenge is “not going to be solved organisation by organisation”.
“There needs to be a significantly increased level of coordination” in everything institutions do, he said.
Institutions are often dealing with up to 150 regulatory bodies “that have their own view on what ‘good’ looks like”, and different levels of maturity, different priorities, and sometimes contradictory expectations, Mort said.
“As long as that continues there’s an inevitable drag on business,” he added.
“Without that type of uniformity approach, we will struggle to be as nimble and as agile as our adversaries are.”
Building a strong network defence will be the way to address cyber security in the future, Phil said, concluding that as a community “we are potentially so much stronger than individuals”.