
5 steps financial institutions can take to reduce their cybercrime risk


When it comes to cybersecurity, financial institutions are uniquely challenged as they are often a target for hackers. My customers rightly worry about exposing their business and the broader financial system to a security breach. Some are reticent to adopt new technology that will help them stay competitive because of these fears. Yet I don’t believe that financial institutions need to choose between innovation and security. Existing financial processes can be applied to cybersecurity risk management, and cloud technology can help them stay ahead of banking innovation and improve their security. I have five recommendations, outlined below, designed to help financial institutions more effectively manage their risk from cybersecurity incidents.

A key finding in the eleventh edition of the Deloitte Insights Global Risk Management Survey, which reports on risk management trends in the financial services industry, was that “sixty-seven percent of respondents [at financial institutions] named cybersecurity as one of the three risks that would increase the most in importance for their business over the next two years, far more than any other risk.” I’m not surprised that cybersecurity risk has elevated in importance, but for an industry that also must contend with credit, liquidity, and regulatory risk, this finding is a notable trend. In addition, the survey found “the number of cyberattacks against financial institutions is estimated to be four times greater than against companies in other industries.”

The report provides a good overview of how financial institutions are thinking about risk. In response to a data point the survey uncovered, “Only about one-half of respondents felt their institutions were extremely or very effective in managing this [cybersecurity] risk,” I have the following five recommendations that financial institutions can follow to more effectively manage cybersecurity risk:

  1. Expand your view of cyber risk to include real-world implications.
  2. Calculate your economic capital.
  3. Look at fraud and cyber risk in aggregate.
  4. Go deeper and wider on the cloud.
  5. Keep learning.

#1: Expand your view of cyber risk

Stories of security breaches at large corporations, financial and otherwise, have raised the profile of cybersecurity risk across all sectors of life. Everyone from the board of directors on down has witnessed the reputational damage done to respected brands that suffer a large security breach. Beyond the headlines are real-world implications that may not be initially obvious but are still critical. Companies may lose existing customers or see a decline in new customer acquisition. Organizations are sometimes required to shut down systems while they recover from an incident, including physical properties like ATMs. And if intellectual property is stolen, new products may be delayed or scrapped entirely, impacting future earnings. Think broadly about how a cybersecurity event could impact your financial institution, so you better understand what’s at stake. Then prioritize security resources to protect the most valuable parts of the business.

#2: Calculate your economic capital

According to the survey, most financial institutions calculate economic capital for their financial risks, but only 16 percent calculate how much capital will be needed to support cybersecurity risk. As you identify the potential implications of an attack, it will become clear that some could be quite costly to the business, in real terms and in unrealized revenue. An accurate calculation of the economic capital required to recover will help you better prepare and keep your board of directors well informed. For more information on how to talk to your board of directors about security, watch Security is everyone’s business in our CISO Spotlight Series.

#3: Look at fraud and cyber risk in aggregate

The world of cyber and financial criminals increasingly overlaps. Fraudsters have borrowed tactics from the hacker world to gain access to accounts without setting foot in a physical bank branch. Networks of bad actors, from both the cyber world and the financial fraud world, work together to share data and tools. Preventing these crimes requires collaboration on the defensive side. Anti-fraud and cybersecurity professionals each have valuable backgrounds and tools to investigate and respond to these threats. However, if they are working in silos, they may miss important connections. Institute policies and processes, such as cross-training and holistic incident tracking, that ensure anti-fraud and cybersecurity professionals are sharing insights and learning from each other. And if you have deep executive support and funding, consider building what some people refer to as a “fraud fusion center,” which brings together anti-fraud and cybersecurity teams to bridge this divide.

#4: Go deeper and wider on the cloud

In my work with financial institutions, I often consult with teams that are conflicted about migrating more services to the cloud. My experience is reflected in the Deloitte survey, which found that only 48 percent of survey respondents reported using cloud computing. In many instances, an IT team may be ready to take advantage of cloud computing power, while the security team is concerned about exposing the organization to more risk. I recently spoke to a security team who was struggling to get an IT team on board. Cloud service providers (CSPs), like Microsoft Azure, can help organizations take advantage of emerging technologies, such as machine learning, without the massive investment required to build a team and infrastructure in-house.

The same is true of security. The cloud can help reduce your risk. Azure and other big cloud providers have very strict physical security in their datacenters, such as requiring extensive background checks of everyone who works there, and the use of biometrics for access. At Microsoft, we regularly patch and update our software and hardware, which reduces vulnerabilities. You can also take advantage of the benefits of scale. CSPs can hire the best security professionals, who stay up to date on global security regulations and monitor the current threat environment. CSPs have the systems and analytics to synthesize data across all their services and endpoints to rapidly uncover threats and block them before they impact other customers. Read the Azure Security blog series for more details on how Azure can improve your security.

#5: Keep learning

It’s important to develop a process for staying up to date on emerging technology trends, such as machine learning, quantum computing, and blockchain. Your adversaries are doing their research and will experiment with new technologies as they become available. Understand the latest thinking and try to get out ahead of it. Research can help inspire ideas and spark innovative thinking within your team.

Stay informed

Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
