Martin Landless, Vice President for Europe at LogRhythm, explains how financial services can keep pace with outside threats.

It is more than possible to remain at the forefront of the digitalisation of the industry and to keep secure, but to do so relies upon focusing on a confluence of people, process and technology. Through this holistic focus, a culture of cybersecurity can be created that protects the important institutions through which it is fostered.

Simply put, cybersecurity is now an integral element of financial services. After all, assets and interactions have moved online. However, in the face of a cyberattack, a company can be subject to a costly halting of operations, a colossal hit to consumer confidence and a General Data Protection Regulation (GDPR) fine from which it might never recover. This is especially true throughout the COVID-19 pandemic, where, according to the National Cyber Security Centre (NCSC), cyberattacks are reaching fever pitch.

A mature security organisation

By their very nature given the sensitivity of the data they manage, financial services organisations must have a mature security operation in place to deal with the threat actors they attract. The maturity of a security operation can be measured by two important variables: mean time to detect (MTTD) threats and MTTR (mean time to respond) to them.

Reducing MTTD and MTTR is crucial and can be achieved through technological solutions which allow for the automation of workflows; this frees up the vital time of security teams to focus their attention where it is most needed. This is especially important in an industry facing a stark skills shortage, with the UK Government finding that 48% of businesses have a cybersecurity skills gap in 2020. Visibility is another salient variable, as cybersecurity teams must be able to immediately see shifts in behaviour in the network to recognise imminent threats as they arise.

Simply put, cybersecurity is now an integral element of financial services.

However, although technological innovation in the security response is a foundation of an effective culture of cybersecurity, this alone will not guarantee safety from attack.

Communication with the board

It is upon the CISO and their security teams to make sure cybersecurity takes important precedence in the minds of all who work at an organisation – after all, it takes one employee falling victim to a phishing email to compromise a business. At the board level, CISOs must ensure that executives understand the challenges security teams encounter as an organisation navigates business dynamics.

As with all things, communication is vital in this pursuit. An aspect of this is in quantifying to the board the benefits and return on investment an effective security posture can entail. One method that a CISO can use to create a high trust environment is through partnering a member of the board with the security team.

This partner can articulate perspective to the team from a purely business standpoint, allowing the team to produce intelligence to the overall board that exhibits the business value of the security operation centre’s (SOC’s) methods and goals. This collaborative approach will encourage the understanding security teams have for business goals and the board’s understanding of security necessity.

Security through business growth

One common event that may be viewed in a different manner by the board and security teams is when an organisation encounters business growth. Although such growth may represent that a business is in robust health, it also facilitates multiple avenues through which a company can come under cyberattack.


For a start, cybercriminals keep close watch of business news and will be aware of a company’s raised profile. In the event of new staff, through partnerships or increased employment, security teams must make sure each new employee is vetted and safely added to the system. In the case of acquisitions, security teams too must effectively monitor new structures that are added to the network, and third-party connections with whom they are not yet familiar. Indeed, a Gartner study earlier this year identified third-party cybersecurity risk as a key concern for half of legal and compliance leaders.

Key to this issue is the question of security budgets, and it is here board-level support is important. Traditional security budgets are often determined in advance and follow two common pricing models used by security vendors. These are the user-based model and capacity-based model; in the face of growth, both are fixed, and may leave security teams making difficult decisions as to where they safeguard their organisations.

Executives should instead employ a subscription-based model that offers the guarantee of scalable security at a determined rate; this will greatly alleviate the stress felt by security teams in what often should be an exciting time for an entire organisation.

Changing security budgets to better facilitate the work of SOCs represents a culture of cybersecurity being put into practice. Technological solutions are provided based on an understanding between security teams and the board on what is needed, allowing for better performance in MTTR and MTTD.

The future lies in cybersecurity

As Covid-19 has forced unprecedented circumstances and a wave of cybercrime upon security teams, it is as incumbent as ever for a culture of cybersecurity to be fostered within financial services organisations. Simply refusing increased digitalisation as a means for security will see companies become obsolete in important areas such as customer experience, where their competitors will be innovating. Instead, a holistic approach encompassing people, process and technology will be vital to forging a secure path forward in the financial services industry.