Safeguarding trust in the digital age: A blueprint for financial institutions

Christophe Barel

In the digital era, trust is not just a cornerstone but the bedrock for financial institutions, reflecting customers' confidence in the institution's ability to safeguard assets, ensure privacy, and maintain transparency and business continuity. Built on reliability and security, trust in the financial services sector is vital; its erosion can lead to costly remediation, legal ramifications, and irreparable damage to client relationships.

Emerging technologies such as artificial intelligence (AI) are reshaping the sector, and while these technologies have the potential to bolster trust by improving security and transparency, they also introduce new risks like data and privacy concerns. For instance, 91% of Singaporean organisations experienced two or more identity-related breaches in the past year, largely due to the rise of machine identities from multi-cloud and AI usage. Financial institutions must carefully balance innovation with robust security measures to maintain trust and resilience in the digital age.

But how can financial institutions ensure strong security protocols and best practices that are fit for purpose in the digital age?

Setting the tone through leadership

As cyber threats evolve, financial institutions must prioritise cybersecurity as a core organisational component rather than a secondary expense. This cultural shift is crucial for safeguarding assets and maintaining trust in a digital world.

Leadership plays a pivotal role in both nurturing and championing a cyber-aware culture. By actively participating in cybersecurity efforts, putting in place the conditions for employees to buy into the importance of good cyber hygiene, ensuring the necessary investment in cyber, and staying updated on emerging threats and technologies, an organisation’s leaders can set the tone for the entire organisation. Research shows that companies that regard cybersecurity as a strategic priority rather than a back-office function tend to achieve better security outcomes.

Prioritising cybersecurity begins with getting the basics, such as cyber hygiene, right. Companies can leverage industry resources and guidance, such as FS-ISAC’s recently launched Cyber Fundamentals tool, to guide company policymaking and best practices, helping them implement a holistic, whole-of-organisation approach that emphasises a strong cyber-aware culture.

Organisations should also ensure that Chief Information Security Officers (CISOs) are involved in corporate decision-making, giving cyber a voice at the top table. Leadership must also establish robust communication and incident response mechanisms and advocate for proactive measures like regular cyber resilience exercises and clear incident reporting guidelines.

Continuous education and training of employees are also critical. Leaders who visibly champion cybersecurity and integrate it into organisational priorities send a strong message about the importance of protecting resources and reputation, thereby enhancing resilience against cyber threats and demonstrating a steadfast commitment to safeguarding operations.

Making cyber resilience a culture and way of life

Cyber resilience—which involves prevention, detection, response, and recovery—goes beyond traditional cybersecurity by emphasising continuous adaptation and preserving stakeholder trust. It ensures sustained business continuity even in the face of attack and, when successful, should demonstrate an organisation’s capacity to maintain and enhance trust before, during, and after a cyber incident.

For cyber resilience to be truly effective, it must be integrated into every aspect of an organisation, making cybersecurity and operational resilience a collective responsibility. With 56% of Singapore firms affected by deepfake fraud, cultivating a culture of resilience through employee education and vigilance is vital.

By educating all staff on the importance of cybersecurity and their role in maintaining it, organisations ensure that everyone understands the need for proactive measures and is equipped to respond effectively to cyber incidents. Continuous training and awareness empower employees to stay alert and mitigate potential threats.

Establishing a robust cyber resilience framework and processes—encompassing regular security audits, timely patch management, and rigorous incident response planning—is essential for countering emerging threats. Integrating advanced technologies such as AI-powered threat detection, automated incident response systems, and robust encryption protocols further strengthens defences and enables swift recovery.

Cryptographic agility is also a must in today’s evolving threat landscape, as it enables financial institutions to change encryption quickly and efficiently in response to threats and technological advances. Together, these measures reinforce security and reassure stakeholders that the organisation is proactively safeguarding their data and staying ahead of new and evolving threats.

As organisations grow, appointing a Business Information Security Officer (BISO) can be key to aligning cybersecurity concepts and strategies with business needs and fostering effective coordination. BISOs often report to CISOs, which connects business goals to cybersecurity needs and enables a continuous learning environment – an effective approach to keeping institutions adaptable and ahead of evolving cyber threats.

Additionally, working with third-party suppliers to evaluate and improve their cyber practices is vital, as their cyber maturity can directly affect your organisation's threat landscape. The MOVEit supply chain hack that happened in 2023, where a zero-day vulnerability in the widely-used file transfer software led to data breaches for numerous large organisations, including the BBC and Zellis, underscored the importance of assessing the cybersecurity posture of one’s supply chain to manage third-party cyber risks properly.

Cyber resilience is not a one-time task that can be checked off a list but a dynamic and ongoing process – hence the need for cryptographic agility – that requires financial institutions to regularly assess and update their framework to adapt to new vulnerabilities and emerging threats. Organisations must stay informed about changes in regulations, technological advancements, trends in AI and cybersecurity, and evolving risks to keep their defences strong.

Building resilience through industry collaboration

Financial institutions cannot achieve cyber resilience in isolation. Forming strong collaborations with other institutions and vendors is essential and facilitates the timely sharing of threat intelligence, which is crucial for staying ahead of cyber adversaries. This approach enables early detection of emerging threats and the coordination of sector-wide responses to major threats and disruptions.

Additionally, the growing complexity of fraud schemes emphasises the need for financial institutions to strengthen their infrastructure while ensuring customer protection. In building collective resilience, industry bodies such as FS-ISAC are also pivotal in advancing anti-fraud efforts, including intelligence alerts and analysis, facilitating information sharing and collaboration across sectors, and issuing industry guidance on fraud risk management.

Engaging with industry organisations such as FS-ISAC allows institutions of all sizes and resource levels to benefit from industry guidance and real-time intelligence, fostering a more robust and collaborative security environment and bolstering the industry’s collective defences.

Balancing innovation and security

Innovation is imperative for the progress of financial institutions, but not at the expense of security. Sustained confidence in these institutions hinges on their consistent ability to protect and recover from cyber incidents. When security measures are sidelined, the consequences for trust can be severe and costly.

Cyber resilience requires a whole-of-organisation approach, starting with leadership and embedding security into daily operations and organisational culture rather than treating it as just an IT function. Effectively addressing cybersecurity challenges also calls for industry-wide collaboration to develop comprehensive strategies and share best practices and information, ultimately strengthening the overall cybersecurity posture for all. By embracing this holistic approach and fostering collaboration, financial institutions can not only safeguard their operations but also reinforce the trust that is integral to their long-term success in an increasingly digital world.

Christophe Barel is the managing director for Apac at FS-ISAC 

© 2024 The Edge Publishing Pte Ltd. All rights reserved.