Most businesses understand the normal risks of competition, and an increasing number have sophisticated financial and operational risk management functions. A few may even be alive to the threat of industrial espionage.
Cyber-risk – or information security risk – is different. It arises from the hostile actions of human attackers bent on disabling or defrauding their targets. Few non-financial companies have had much experience of defending themselves against deliberate, intelligent and evolving threats. Banks of course have.
Unlike almost every other private-sector business, banks are used to being attacked. But, as one bank chief information security officer (CISO) puts it: “Banks have always been in the crosshairs. Yes, today it’s ransomware and digital attacks,…
