• Gabriel Tănase, Partner
• Gheorghe Vlad, Director

As Chief Information Security Officers (CISOs) at financial services organizations embrace digital transformation and cloud adoption, they face several challenges. These challenges include safeguarding critical assets, managing an expanding attack surface, and navigating a complex regulatory landscape. CISOs across the sector must deliver on a broad array of imperatives while operating in a world of reduced visibility and heightened noise due to the proliferation and resulting complexity of data. The capability to focus at once on vulnerabilities, critical assets and incidents has become critical.

While budgets are not necessarily shrinking, they are also not growing in proportion to increasing demands. CISOs must continuously justify their current spending while struggling to secure additional funding for essentials such as automation and cloud security. The bigger challenge is the tension between focusing budgets on innovative solutions that incorporate artificial intelligence (AI) and machine learning (ML) versus ongoing regulatory remediation given the global uptick in new cyber rules and standards.

In addition, financial services CISOs must navigate an onslaught of multi-regional regulations that are becoming increasingly rigorous and complex. In the European Union, regulations such as the Digital Operational Resilience Act (DORA) and the NIS2 Directive, which impose specific tactical security requirements, are increasing in intensity and priority.

One key cybersecurity consideration from a 乐鱼(Leyu)体育官网 study is the power of people: as organizations continue to transform their business models in the face of new digital disruptions, many are experiencing real challenges around workload, which is exacerbating the long-discussed cyber skills gap.

“AI and automation can and will help with the skills gap”, notes Gabriel Mihai Tănase, Partner in the Cybersecurity practice of 乐鱼(Leyu)体育官网 in Romania. “Although appropriate, consistent regulation is welcome in terms of cyber security, it also brings a volume of workload which cannot be accommodated with human resources alone. We need to use a mix of technology (e.g. AI) and people in order to be able to remain compliant and, equally importantly, safe”, Tănase concludes.

To get ahead of these challenges, CISOs are turning to advanced technologies such as AI and ML to automate security operations, reduce false positives, and streamline incident response. However, technology alone is not enough. CISOs need to promote collaboration and ensure their programs align with the objectives of the business by maintaining open communication with senior leaders. Change is already underway. According to 乐鱼(Leyu)体育官网 research, 74 percent of financial services organizations say cybersecurity is typically involved from the earliest stages of technology investment planning and has a high influence on the decision-making process.

In the aftermath of the pandemic, many organizations found themselves with bloated second lines of defense. This eventually led to reassessment of existing roles and responsibilities. We encourage CISOs to work closely with the second line of defense – which manages oversight of controls – to focus on operational key performance indicators (KPIs) as proxies of the overall health of the digital environment and align those KPIs with the relevant key risk indicators (KRIs). As always, CISOs must be proactive and adaptable, continuously assessing cybersecurity, identifying gaps, and implementing strong yet flexible controls to mitigate risks.

“The importance of CISOs in every organization has become more and more relevant, as this role (and its underlying activities) are more and more present in the legislation”, observes Gheorghe Vlad, Director in the Cybersecurity practice at 乐鱼(Leyu)体育官网 in Romania. “In a world in which cyber security attacks are more and more present, the CISO function must manage a wide attack surface, quickly handle incidents, and maintain resilience practices. Even so, in order to be successful and resilient, organizations should find a way, from the CISO down, to create a broad, holistic culture of resilient security throughout their enterprise and with the aim of ensuring all stakeholders are on the same page, as our study emphasizes”, Vlad concludes.

Read more about 2025 key cybersecurity considerations as well as actionable insights and recommendations for CISOs in the 乐鱼(Leyu)体育官网 study.