But despite the heightened awareness of cyber risks, banks still face some challenges in building their cybersecurity strategies due to increasingly sophisticated adversaries, rapidly evolving technologies, and multiple regulatory requirements, says the report.
Banks recognize this and are revisiting their security architecture to augment traditional controls with more layered and advanced controls. The focus is on protecting the new digital perimeter: data, identity and endpoints.
“Managing cyber risk is top of mind for all Canadian banks and they are working together, developing strong cybersecurity strategies and sharing leading practices and industry trends,” says Diane Kazarian, national financial services leader at PwC Canada, in a release. “Creating an integrated approach to manage cyber risk solidifies Canada as leaders in this sector.”
Cyber risk is driving the sector’s executives (93%) to invest in stronger investments in cybersecurity strategies, notes the report. As banks look to strengthen their cybersecurity strategies, there are three lenses (external, internal and regulatory) they need to take into account.
- Greater awareness of what’s happening external to their organization as it relates to cybersecurity, including new technologies and changes in the geopolitical landscape.
- Consider how internal factors, acquisitions, new digital services and organizational restructuring could impact their cyber risk profile.
- Understand the expectations and requirements of regulators, especially banks operating in multiple jurisdictions.
Collaboration with fintech companies for cybersecurity assessments of joint initiatives is also important, the report says. Fintechs understand the technical portion while banks know their customers and regulations.
With increased pressure from regulators to have sound cybersecurity strategies, banks are turning to engage new digitally-savvy talent. According to the report, investing in such talent is key to sustaining a long term strategy and achieving and maintaining the highest levels of security that customers and stakeholders expect of the sector.