Treating Cyber-Risk as an Operational Risk: Governance, Framework, Processes, and Technologies
Celent has released a new report titled Treating Cyber-Risk as an Operational Risk: Governance, Framework, Processes, and Technologies. The report was written by Joan McGowan, senior analyst in Celent’s Banking practice.
Celent believes a smarter approach to balancing cyber-risk and innovation is strong top-down governance and the implementation of the National Institute of Standard and Technology (NIST) cybersecurity framework, with the alignment of cybersecurity under operational risk management processes.
Treating cyber-risk only as an IT issue is dangerous. Cyber-risks need to be treated holistically and owned by all.
There are several industry frameworks available to financial institutions. Celent recommends the NIST framework because it is well organized and comprehensive and lets you take advantage of your current operational risk program. Very few institutions, if any, should be going this alone; institutions need dedicated expert partners, and advanced technical capabilities.
“Stop throwing money at cybersecurity technology. Use the NIST cybersecurity framework functions to navigate and manage your technology requirements. Do not purchase in siloes or under pressure. Select the right expertise to identify the issues and the right products. The most important thing is to educate decision-makers on why and how breaches happen,” says McGowan.
“Cyber-risks are weaknesses in people, processes, controls, and operations: the definition of operational risk. Take advantage of your current operational processes and consider adopting the NIST cybersecurity framework,” she adds.