Figure 3: Capital Markets value chain
The potential risks posed by insider threats within the Capital Markets include:
- Initiation of fraudulent / non-compliant trades
- Disclosure of confidential client and account information, resulting in loss of trust and financial damages to the clients and penalties to the institution
- Destruction/ tampering of digital assets
- Disruption to critical market exchange infrastructure, clearing and settlement systems
- Loss of intellectual property
The impact of Insider Threat is pervasive across Capital Markets. Organizations are required to keep up with the regulations and protect sensitive data. On the other hand, they must adapt to digital technologies, which raises the risk of cyber-attacks due to increased online presence, more extensive use of social media, and mass adoption of mobile devices. This is further amplified in the current COVID environment with increased Work from Home (WFH) and higher digital channel usage. Cyber-risk issues are becoming more costly to address, and any reputational issue has a lasting impact on customer trust and retention. Regulators demand a much greater level of monitoring and awareness at all levels, with a more comprehensive approach to achieve cyber resilience by including human aspects in addition to technology solutions.
Building a cyber-resilient ecosystem - Holistic approach toward insider threats protection
Insider threats are ongoing, and in today's scenario, it's one of the major threats across Capital Market firms. Insider-threat incidents are caused by a combination of technical, behavioral, and organizational factors. As a result, effective management requires a disciplined, risk-based, cross-functional approach that includes corporate security, information security, legal, Human Resources (HR), audit, and other relevant control functions. The attacks faced nowadays are dynamic, so firms' cybersecurity approaches should also be evolved continuously.
To achieve cyber resiliency in principle, firms should take a holistic approach by focusing on: