Understanding insider risks through simulations:

Navigating complexity and compliance for Swiss financial institutions

  • Insight
  • 5 minute read
  • 11/12/24
Darius Meier

Insider Risk Lead, PwC Switzerland

As digital transformation accelerates, Swiss financial institutions encounter a challenging cybersecurity landscape, with insider threats emerging as a critical risk. Insider threats – risks from employees, contractors, and third parties with legitimate access to sensitive systems and data – require proactive management beyond traditional compliance. Simulations provide a vital tool to prepare teams for quick, compliant responses in real-world crisis scenarios.

The rising complexity of insider risks

Digitalisation has broadened access to sensitive systems and data, opening new avenues for insider risk. Factors such as economic pressure and the rise of remote work add to the complexity of managing these threats. As incidents grow more frequent, as illustrated by recent cases involving North Korean threat actors, organisations need robust insider risk management practices. Our recent whitepaper on insider risks examines these factors in detail.

Insider risk simulations: beyond theory

Despite growing awareness, many organisations remain unprepared for insider threats. According to PwC’s Digital Trust survey, only 22% of Swiss organisations have conducted cyber simulations, compared with 37% globally. European cyber resilience stress tests in the financial sector have likewise shown that cyber simulations are run infrequently. This gap underscores the value of simulations within a risk management strategy: they help organisations build resilience against complex threats before an incident occurs.

Real-world scenario training

Simulations go beyond a compliance exercise. They immerse crisis teams in realistic insider threat scenarios and sharpen their understanding of the trade-offs between the legal, HR, PR, security and crisis management elements that together make up an effective response.

Common scenarios explored

  • Limited evidence: If an insider is suspected but the evidence is weak, how can access be restricted without violating privacy? Immediate action may not always be possible; closer monitoring could be an alternative.
  • Amnesty for assistance: After an incident, an insider might offer to help in exchange for immunity. How do you balance containment against the ethical concerns of negotiating with a complicit party?
  • Handling leaks: If an insider leaks sensitive information, maintaining public trust is critical. Should the organisation communicate proactively or reactively? What if the employee is being extorted and the blackmail is still under way?

Each simulation scenario is based on current real-world events and tests the team’s ability to balance legal, ethical and operational demands while managing the potential impact on public perception.

PwC’s commitment

At PwC, insider risk management is seen as a path to resilience, not just compliance. Our tailored simulations help Swiss financial institutions align with regulatory frameworks while strengthening their cybersecurity posture. 

How does the Cyber Resilience Act relate to existing standards such as ISO?

The CRA draws on existing standards, particularly those from ISO, to establish a robust cybersecurity framework for products with digital elements. No single standard covers all CRA requirements, but a combination of standards provides a strong foundation for compliance. Even where a product already complies with a standard such as ISO, it is therefore still worth checking for gaps relative to the CRA.

Let’s make insider risk management the foundation of resilience.

Contact us

Darius Meier

Insider Risk Lead, PwC Switzerland

+41 58 792 46 05
