I strongly recommend you take some time to read this piece in The Economist on hacking and cyber-security.

As the journalist very rightly points out, cyber-attacks are growing exponentially. This means that financial institutions need to invest more (and in the right way) to try to mitigate cyber risks.

“We recognise that we’re never going to prevent everything,” says the cyber chief of a top American bank. “So we have to have layered defences that assume multiple defences will fail.” And of course, he is spot on. But layered cyber security should refer not only to different solutions at network, systems, application and data levels, but also to investments prioritised by the company’s business information risk, including a particular focus on crypto and digital assets.

We believe that the cyber strategy and operating model, including governance, policies, procedures and technical solutions, should change and evolve at the same pace as attacks. And this evolution should cover third-party cyber risk management too.

In addition to this, global sharing of cyber information (threats, attacks, vectors, criminal organisations) between banks and public institutions should be improved to better detect possible incidents. The forthcoming EU regulation Digital Operational Resilience [Act] for the Financial Sector (DORA) introduces the principles of guidelines on information sharing arrangements for cyber threats and vulnerabilities.

Global Computer Emergency Response Teams (CERTs), at country and European level, are also starting to have an important role in the global ability to respond to cyber criminals, and banks should increasingly be part of that network.

To find out more on this I would recommend you speak to my colleague, Lorenzo Grillo.