Addressing cybersecurity as a human problem

December 2013

Cybersecurity has been a prominent topic within the Bank Governance Leadership Network (BGLN) for more than two years. As the economic impact of cybersecurity has steadily grown, the BGLN has engaged with non-executive directors and executives of global banks and other major financial service firms, along with representatives from supervisory institutions, governments, security authorities, and technology experts to address the issue. This engagement culminated in a June 2012 meeting entirely dedicated to cybersecurity. 

The importance of cybersecurity for banks continues to increase, as do the frequency and severity of attacks. Today, there are almost daily reports of cyberattacks on banks. These include distributed denial-of-service attacks, designed to overwhelm bank web servers, as well as theft of customer data and intellectual property. Consequently, various stakeholders have initiated efforts to improve banks’ defenses against cyberrisks; such efforts include governments increasing efforts to protect critical infrastructure, legislatures working on new laws to enable more information sharing, regulators conducting war-gaming exercises, and banks increasing their investments and protections, individually and through industry bodies. Despite these attempts, cyberattack remains a growing threat, necessitating increased attention, understanding, and collaboration both in individual banks and system-wide.

On November 19, 2013, BGLN participants gathered in London to discuss cybersecurity, including its evolving threats, the systemic risk it poses, and the ways that boards should deal with cybersecurity issues. Participants also discussed innovative tactics for improving bank and system defenses. Given the systemic nature of the threat, the meeting brought together critical stakeholders to discuss the issue, including government officials, regulators, bank non-executive directors and executives, and subject-matter experts. For a list of participants, see Appendix on page 11.

This ViewPoints captures the essence of those conversations, in which five key themes were discussed:

  • Knowing your adversaries

  • Focusing on internal systems

  • Defending an ever-growing security perimeter

  • Responding systemically

  • Strengthening the board’s role in cybersecurity