Why is Cyber risk the biggest outlier for Capital Markets?

Why is Cyber risk the biggest outlier for Capital Markets?

Published:

October 25, 2021

KRM22 has partnered with Acuiti to develop the Capital Markets Risk Sentiment Index (CMRSI) - a benchmark of how different risks are perceived by Senior Executives across the market and how able they are to deal with them.

The top risks varied significantly by company type (download the free CMRSI for full details here). But overall, there was a clear correlation between where firms had historically invested in technology and how prepared they felt to deal with a specific risk.  

This was a key finding of the index – investment in risk technology and processes doesn’t necessarily reduce the level of the risk faced but it does boost the ability to mitigate it.  

Market risk (covering pre-trade, at trade and post-trade) was a key example. Over the past decade, billions of dollars have been invested in market risk technology across capital markets.  

The result is that, while market risk was the second biggest risk overall and the top risk for banks and proprietary trading firms, it was also the risk that respondents felt best able to mitigate. Almost half of respondents said they were fully able to do so.  

The same is true for the risk posed by regulatory monitoring and reporting and market abuse. Again, there has been significant investment in these areas (spurred on in part by hefty fines from regulators). While these risks both feature highly in the threat they are perceived to pose for firms, they also perform relatively well in terms of how able executives are to mitigate them.

The major outlier to this trend is the threat from cyber-attacks. Cyber risk emanating from an external threat was the top risk identified by respondents overall and a top three risk for all company types.  

However, when it came to mitigation, the risk was 12th out of 16 in how able executives felt able to deal with the threat. This suggests that cyber is likely to be a key target of investment over the coming years and that technology companies and their clients have a long way to go to neutralise the challenges posed.  

KRM22 Commentary on the results of the survey:

The results of this survey clearly show that the respondents feel cyber-security is a major concern to their business. And they aren’t wrong. Cyber-attacks are increasing faster than ever before, and many senior decision makers do not fully understand their vulnerabilities.

According to a report from the security company Kaspersky Lab, a cyber-attack occurs at a rate of around one every 40 seconds and these attacks are indiscriminate. What this means is simple: if a company allows an internet-connected device, they are vulnerable. Worryingly, this report goes on to say that 67 percent of companies affected by ransomware lost part or all their corporate data and one in four victims spent several weeks trying to restore access. Often, the real victims of a successful cyber-attack or security breaches are not those in the organisation, but the customers who have trusted that organisation with their data.

Lindy Cameron, the CEO of Britain’s National Cyber Security Centre (NCSC), recently warned that “Cybersecurity is still not taken as seriously as it should be, and simply is not embedded into the UK's boardroom thinking" and that, “cyber-security should be viewed with the same importance to CEOs as finance, legal or any other vital day-to-day part of the enterprise”.

With the sheer amount of information businesses, customers and other individuals put out there in digital form, it is imperative that steps are taken to mitigate cyber security threats. For this reason, it is essential that businesses work with a professional cyber security company to protect their data and systems.

Having recently successfully completed our SOC2 Type2 accreditation, we at KRM22 are very aware about keeping our customer’s data protected, and over the coming months, we will be providing thought leadership on how to integrate cyber security into a risk-based culture.

Download the full report here: https://www.acuiti.io/acuiti-krm22-capital-markets-risk-sentiment-index/