Technology-based risks are a pressing challenge for firms. While most of the new changes are being driven by the regulator, financial services firms also face increasing risks from cyber threats and digital fraud. In our latest tech risk radar, we analyse the top five risks firms need to deal with to protect their business and customers.
Top five technology risks in financial services
1. Cyber risk management
Cyber risk is a key focus of regulatory, industry and consumer bodies, with cyber attacks presenting an ongoing threat to stakeholders across all sectors. A recent spate of cyber attacks in the retail sector could have knock-on effects on supporting financial services organisations, only reinforcing the need for firms to have dedicated protection in place.
Regulators have long been pushing for closer supervision of third parties, along with cyber information and intelligence sharing supported by robust cyber incident management. These demands are also being reflected within businesses, with boards and executives seeking closer assurance over management of cyber risk, including at third party and cloud service levels. Yet gaining cyber protection coverage of the full estate, financial malware and backlogs in remedying vulnerabilities remain significant challenges.
Key to adapting and responding to this risk is improved and focused cyber risk management and cyber resiliency through effective threat intelligence, geopolitical awareness, cyber risk quantification and cyber awareness and training. In addition to cross-industry collaboration and sharing of information, financial services firms can better co-ordinate responses, learning opportunities and resilience strategies that protect operations and consumer data.
2. Technology-enabled changes
Change and project-related incidents are leading causes of operational disruption and failure. Poor management of project risks, third-party risks and contracts as well as legacy infrastructure issues are key factors in IT change delays and failures.
Having an effective framework in place for managing programmes and third parties can help to improve project discipline, risk management and third-party oversight. Strengthening visibility and control of major organisational change in turn builds resiliency to digital threats.
3. Regulatory and industry developments
Evolving UK and EU regulatory and industry developments around operational resilience, third-party risk management and payments have led to a lack of clear legislation and guidance for financial services providers. From how firms comply with evolving regulations to how they maintain commerciality and competitiveness, uncertainty is widespread across the sector.
A key aspect of new regulations, such as DORA and PSD3, is the sharing of information, including personal data, between financial services organisations and with regulators. This presents an opportunity in terms of improved resiliency arrangements, incident management and anti-fraud measures. However, these new regulations also pose challenges to how businesses maintain compliance with data protection requirements.
4. Operational and cyber resilience
Regulators in the UK and EU are focusing closely on the operational and cyber resiliency of firms in financial services to protect market integrity and consumer confidence. One area of particular focus is how third-party service providers manage information technology, communication services and information sharing.
Financial services organisations already have operational resilience governance and control frameworks, but the renewed momentum in this area is to further refine important business services, plausible scenario testing, third-party risk, robust incident management and information sharing guidance.
5. Data governance and management
Data is a key organisational asset. Firms need rigorous data collection and storage processes to grow, improve and innovate services and products, integrate business processes and keep data safe and compliant. But with businesses increasingly leveraging data analytics and AI to boost commercial value, they should ensure they have robust protections that minimise the risk of breaches.
Without effective data governance and risk management, businesses face the legal and reputational damage associated with costly data breaches.