Strengthening cyber resilience in financial institutions: A strategic approach to threat mitigation and risk management

Tope Oladele Jooda 1, *, Adeyemo Taiwo Samson 2 and Adeyemi Adewunmi Olalemi 3

1 Yaba College of Technology, Department of Electrical Engineering (Electronics Options) Lagos, Nigeria.
2 University of Illinois, Springfield – College of Business Administration & Analytics, Illinois, Springfield USA.
3 University of Lagos, Department of Science and Technology, Education. Lagos, Nigeria.
 
Review Article
World Journal of Advanced Research and Reviews, 2023, 20(03), 2217-2247
Article DOI: 10.30574/wjarr.2023.20.3.2460
Publication history: 
Received on 29 November; revised on 5 December 2023; accepted on 14 December 2023.
 
Abstract: 
Financial institutions face increasingly complex cyber risks that threaten the integrity of their systems, customer information, and overall financial position. Current technological trends within the financial sector have increased this exposure, leaving institutions prone to threats such as advanced persistent threats, ransomware, and social engineering attacks. This review assesses the effectiveness of the cyber threat management strategies adopted in financial institutions and determines the best strategies that can be implemented to improve the industry's current security condition. The research design used a quantitative approach based on actual statistical data on cyber incidents from financial regulators' databases, informed by qualitative data from semi-structured interviews with cybersecurity managers in financial institutions. Threat intelligence reports, regulatory compliance material, and various benchmarking surveys and reports form the major data sources employed in the research. The independent variables are cybersecurity investments, governance frameworks, and technology deployment strategies; the dependent variables are incident management, recovery time objectives, and key resilience outcomes based on international standards and frameworks. The results indicate that institutions with holistic cyber threat prevention policies have a 64% lower average security breach rate and a 2.3 times faster mean time to recovery from security breaches than institutions using traditional cybersecurity based on a defensive architecture. Financial organizations that had implemented IRM experienced less disruption of business operations in cyber-attack scenarios. Additionally, institutions investing in threat intelligence capabilities identified potential threats 47% earlier than those relying solely on perimeter defenses.
The study also found that larger institutions had more advanced capabilities, whereas small institutions were much quicker in their responses. It is now possible to better advocate not only for single-focus strategies aimed solely at prevention, but also for comprehensive preparedness approaches that bring together prevention, detection, response, and recovery capacities. The results call for policy measures that ensure balanced cybersecurity readiness across the various types of financial institutions. The review suggests protective management of security as a risk factor, adoption of intelligence-led security strategies, and the development of common information-sharing platforms among financial institutions for improved security protection. It concludes that cyber resilience in financial institutions is achieved when technology controls are complemented by organizational and people controls. It is recommended that regulatory bodies endorse progressive security structures, since threats are likely to advance over time, and that the sector foster collaboration and the sharing of valuable information. Existing security strategies in financial institutions need to change profoundly to focus more on timely detection of threats and on the ability to react to them promptly, with due adaptation to future threats.
 
Keywords: 
Cyber resilience; Financial institutions; Threat mitigation; Risk management; Cybersecurity frameworks; Regulatory compliance; Incident response; Financial stability
 