Convergence of Physical and Cyber Security with Operations and Risk Management - Dan Schutzer, Executive Director, FSTC

Traditionally banks have managed physical and cyber security through separate units, often not under the same management. The people in these two functions generally come from entirely different educational disciplines and work backgrounds. Furthermore, these two functions are generally not directly involved in the design and development of the business systems and operational processes, and are not part of the overall Risk Management oversight process. Credit and market risk functions are generally separate and not integrated with operational risk management.

As security and resiliency represent an ever-increasing risk, and as both the threat and the countermeasures and defenses grow more sophisticated, many are beginning to realize that these functions need to be better integrated with each other, with the design, development and operation of the FI products and services, with human resource functions such as training, and with the management of operational, market and credit risk. For example, cyber and physical attacks can be coordinated, making the threat of service denial more crippling than either attack separately. Sensitive information can be stolen and tampered with to achieve all sorts of objectives, ranging from identity theft to manipulation leading to financial ruin. These attacks can affect an organization's reputation, its finances and assets, and its customers' trust and financial well-being.

The time has come for management to explore how to better coordinate and manage the people and resources applied towards physical and cyber security, new product development, operations and maintenance, and risk management in a more unified fashion, measured and managed through common metrics. Wouldn't you agree that the time has come to reflect on how organizations should be organized and managed, and what processes should be established, to address these issues most effectively?