Do you know what Cybercrime risks your Firm is exposed to?
Cybercrime is an increasing threat to financial firms and their customers. In fact, the National Crime Agency of the UK estimates that cybercrime has now surpassed all other forms of crime experienced in the country. The Office for National Statistics reported that there were 2.46 million cybercrime incidents and 2.11 victims of cybercrime in the UK in 2015.
Cybercrime risk can be broken down into three types: fraud and theft; system destruction or corruption; loss or misuse of sensitive data.
Managing your cybercrime risk should not be regarded solely as an IT matter.
An enterprise-wide response, driven by your senior management, is required. It should, therefore, be a key part of your Firm’s Enterprise Risk Framework, and you should apply the same principles to cybercrime risk as you do to, say, credit risk or market risk, including:
- A documented policy
- Identification of material risks
- Assessment of inherent risk, being the impact multiplied by the probability of occurrence
- Identification of key controls to mitigate the impact and probability of the risk
- Calculation of residual risk
- Assessment of residual risk compared with risk appetite set by the Board
Remember also that a cyber attack on a financial institution is a financial crime, and the MLRO therefore needs to consider whether such events are reportable under the country’s suspicious activity reporting mechanisms.
Assisting with your assessment of the cybercrime risk your Firm is exposed to
Knowledge and awareness are key in your fight to protect your Firm from cybercrime. We can arrange training for your staff and presentations for your senior management team to raise awareness of the types of cyber attacks employed by criminals, and highlight the potential vulnerabilities your organisation may be facing.
We can also review your control environment and procedures and identify any areas that may require improvement or enhancement.