How firms are using leadership in cybersecurity to win over new clients

Social and regulatory expectations for data protection are rising, while data is also becoming more accessible and leveraged more than ever (powered by AI).

Slip-ups can severely affect client retention and lead to significant costs, with over half of incidents caused by suppliers.

Wealth managers must proactively manage and protect data, ensuring that quality data is classified for AI/ML insights while controlling access and handling data with third-party vendors.

All vendors handling sensitive data must undergo robust Third Party Risk Management (TPRM) training, with tailored cybersecurity assessments.

Leading firms are continuously making quality data easily available for use, while automatically securing the data throughout its lifecycle.

Continuous third party (including supply chain) engagement on security drastically accelerates vendor onboarding and improves supply chain resilience.

Well-governed data can be secured automatically, and leads to better insights, fewer errors and lower costs.

Automatically securing third parties improves time to market, reduces costs and lowers the risk and impacts of incidents.

Digital capabilities and cybercrime are both accelerating exponentially, requiring firms to continuously adapt and evolve their security arrangements.

Record numbers of software vulnerabilities are emerging, and cybercriminals are optimising their speed of exploitation.

Wealth managers need to monitor activities across all channels, utilising new technologies to identify anomalous behaviours.

Patching the most critical security weaknesses must only take a matter of hours or days.

Leading firms are devolving iterative technology release cycles that leverage automated security guardrails to secure innovation (DevSecOps).

Threat fusion centres pre-empt any malicious activity.

Cyber Futures teams prepare for long-tail risks, such as AI and Quantum.

Wealth managers can securely achieve the velocity of technology companies through DevSecOps.

Firms adopt new technology faster, more securely, and become more resilient.

Fusion and Futures pre-empt short and long-term risks.

The growing number of billionaires, especially from SMEs, raises the risk of clients suffering catastrophic financial losses or becoming victims of fraud, typically jeopardising the client-bank relationship.

Banks must monitor account activity, suspicious transactions and unusual behaviours using advanced analytics and AI/ML. Clients increasingly expect banks to prevent “out of the ordinary” patterns in their activity in more intelligent ways.

Leading banks, as well as insurers, are taking an active interest in the cybersecurity of their clients and SMEs. While some have dedicated experts available to consult, others are offering comprehensive cybersecurity solutions and winning thousands of new clients through these platforms.

Extending cybersecurity services to wealthy clients reduces their fraud risk as well as that of the bank, as well as strengthening relationships and overtly projecting digital competence.

The shift to remote working has normalised virtual financial advisory, especially among Gen Z and Millennial clients who expect digital access to banking services.

Smartphones, a primary means of interaction, are increasingly targeted by hackers.

Front office teams are rapidly enabling video conferencing and collaboration technologies, but rely on legacy methods for client identification and authorisation.

Leading firms have integrated secure approvals, calls and video conferencing into mobile banking apps, empowered their clients to directly schedule consultations with specialists, and incorporated in-line voice and video analysis for detecting deep fakes and imposters.

Digital native clients value the empowerment provided by seamless app-enabled wealth management, substantially increasing their mandates at banks offering these security and efficiency gains.

The focus regarding cyber incidents shifted from “if” to “when” a decade ago now, with an increasing focus now being on resilience. Excellent crisis management can actually enhance client confidence and loyalty.

Including incident response teams, public relations and legal advisors in demanding tabletop simulations improves readiness. Running realistic recovery exercises is a regulatory requirement.

Leading businesses overtly increase their internal security and anti-fraud controls in the wake of cyber incidents. Rather than frustrating clients, this “alignment of values” has been shown to increase retention amongst clients, who note the additional efforts being made.

Effective cyber crisis management (resilience) is a standard expectation of regulators.

Demonstrating an understanding of client concerns and alignment of values at a time of uncertainty generates client loyalty.

Regulators, boards and executives are increasingly focusing on the organisational and cultural aspects of cybersecurity. CISOs and DPOs are expected to hold legal liability and maintain independence from service operators to ensure unbiased security oversight.

Most financial firms place their DPO in the 2LoD and ensure that the CISO is a peer to the CIO. Metrics are used to monitor security risk exposure and the role of the CISO is evolving towards a 2LoD position, especially in mainland Europe.

Leading firms are promoting digital and cybersecurity leaders to sit on business leadership committees or even to head business divisions. 

A comprehensive understanding of cybersecurity on the Board (through experts or advisors) and continuous impartial risk appetite reporting in a comprehensible form enables prudent decision-making.

Putting technology and cybersecurity leaders into business leadership roles accelerates the development of ambitious digital strategies.

Developing a culture of continuous vigilance and re-evaluation improves security resilience, enabling firms to stay ahead of evolving threats and maintain a robust security posture.