by Jennifer Lonoff Schiff

8 challenges that keep financial services CTOs and CIOs up at night

Oct 06, 2016

Experts in financial services, IT, security and compliance discuss the major issues facing IT executives at financial services companies.

Being the CTO or CIO of a financial services provider is harder than ever in today’s data-driven, hacker-plagued digital world. In addition to making sure the organization’s systems are operating smoothly at all times, they face a number of technology- and compliance-related challenges, issues that if not addressed could cost their organization millions – even billions – of dollars.

Here are eight of the biggest challenges, the ones keeping financial services IT executives up at night (or at minimum giving them a major headache).

1. Data security

“Security and risk management are high on the list of concerns that keep CIOs and CTOs up at night, especially at the rapid rate that the threat landscape is evolving,” says Josh Crowe, CTO, Sungard Availability Services. “They constantly mull over whether their customers’ assets and data are secure, and even question the security measures protecting their own IP. The speed at which hackers are finding ways to infiltrate technology can mean near constant reevaluation if they are remaining sufficiently vigilant.”

“Security is the thing that keeps me up at night,” says Michael Thorne, CTO at Bristlecone Holdings. “Nothing else compares. It is never done. The minute you think you’re secure, you’re at risk again. Being on top of it is nearly impossible. To gain some traction though, I make sure I’m following what’s happening with data security and understand the flaws exposed, I stay up to date on developing tech, and, most importantly, I share information among my peers in groups that promote shared insights to enhance security across the board.” 

2. Data breaches

According to the 2016 Vormetric Data Threat Report — Financial Services Edition, 90 percent of financial services IT executives surveyed said that they felt vulnerable to data threats – and 44 percent had already experienced a data breach.

[ Related: Why IT can’t handle data breaches alone ]

“Increased focus in the areas of data and cybersecurity means that CIOs and CTOs need to appreciate that even in the absence of a data breach, failure to adequately assess and respond to cyber security risk can lead to downgrades in regulatory ratings and potentially punitive action by a regulatory agency,” says Craig D. Miller, a partner at the law firm Manatt, Phelps & Phillips.

[ Related: Defending against insider security threats hangs on trust ]

3. Insider threats

“Given that the vast majority of information loss comes from insider threats, creating a security-pragmatic culture that allows the business to operate at maximum efficiency but in a way that is still secure represents one of the greatest challenges facing [financial services] CTOs,” says Gerry Stegmaier, partner, Intellectual Property, Information and Innovation group, Reed Smith.

[ Related: Confronting the insider threat ]

4. Cyber ransom threats (ransomware)

“Cyber ransom is one of the fastest-growing security concerns around the globe,” says Carl Herberger, vice president of security solutions, Radware. “Every day, ransom tactics are used to target both individuals and companies around the world, and the potential harm can be devastating, shutting down network access, encrypting one’s files and more until a payment is made,” he explains. Dave Packer, vice president, Corporate and Product Marketing, Druva , as well as many other IT executives, agrees.

[ Related: Five things you need to know about ransomware ]

“If they [aren’t] already, [financial services] CTOs and CIOs should be losing sleep about cyber extortion and company data being held for ransom,” he says. “CNN reports that ransomware events are expected to collect $1 billion in 2016, with researchers seeing a 3,500 percent increase in the criminal use of net infrastructure to run ransomware campaigns. It’s not a matter of if a company will get hacked, it’s when,” he says.

To combat cyber ransom threats, financial services CTOs and CIOs need to “understand the current threat landscape and potential attack vectors,” says Herberger. And they “should be taking preventive action to ensure all data is safe, secure and backed up,” says Packer. “It’s literally a matter of business life or death.”

5. Aging IT infrastructures and IT spending cuts

Many [financial services] organizations continue to rely on IT infrastructures that are built on outdated components and are running with vulnerabilities,” says Joseph Pagano, practice advisor, Financial Services, Cisco Digital Transformation Group. The challenge for financial services CIOs and CTOs is to “figure out how to update and proactively maintain infrastructures in order to mitigate security risks and keep adversaries at bay during a time when boards of directors are asking IT to further cut budgets to help meet ROE targets,” he says. “How can CIOs help their firms save money while enhancing operational risk management and cybersecurity capabilities?”

“Companies have invested heavily in advanced technology, from firewalls to SIEM tools, but they’re often forced to prune data due to cost and scalability limitations of tools,” says Don Brown, cofounder & CIO, Rocana. “That means they often can’t shed light on events that happened months ago, putting them at risk of attacks that lay dormant for weeks or months. To sleep well at night, IT leaders need… solutions that allow them to collect all data from all sources and keep it accessible and searchable in real-time for advanced forensics.”

6. Compliance with government and industry regulations

Companies operating in the financial services sector must comply with a host of government and industry regulations. And adhering to these regulations, as well as keeping abreast of new regulations, often falls to the CTO or CIO.

“The Bank Secrecy Act (BSA) and anti-money laundering compliance [in particular] has taken a toll on CIOs and CTOs for years,” says Larry Larmeu, managing director, L2 Digital. “Banks have to comb through transactions for possible fraud and report them to the federal government. Some banks have over 1,000 employees dedicated to this alone,” he reports. “New data analytics capabilities are lessening the burden for some banks, but some have legacy systems that are difficult to integrate with these big data processing platforms.”

And the BSA is just one of many regulations financial services have to comply with, with new regulations being proposed on a regular basis.

Case in point: on Sept. 13, Governor Andrew M. Cuomo of New York proposed a first-of-its-kind regulation that would require “banks, insurance companies and other financial services institutions regulated by the State Department of Financial Services… to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York State’s financial services industry.” 

Specifically, the regulation would require “regulated financial institutions to establish a cybersecurity program; adopt a written cybersecurity policy; designate a Chief Information Security Officer responsible for implementing, overseeing and enforcing its new program and policy; and have policies and procedures designed to ensure the security of information systems and nonpublic information accessible to, or held by, third-parties, along with a variety of other requirements to protect the confidentiality, integrity and availability of information systems.” 

7. Data silos

“According to a [recently] released [Liferay] survey of financial industry executives (including many CIOs and CTOs), it seems clear that cooperation between departments – or a lack thereof – is often the source of many headaches,” says John Choi, director of Operations, Liferay. “These leaders want to present a seamless, omnichannel user experience to their customers. However, 56 percent of respondents said access to IT resources is an obstacle, while 46 percent said the fact that different business units own different parts of the customer lifecycle was the primary barrier to addressing the lifecycle in full.”

[ Related: How blockchain will disrupt your business ]

8. New technology (business disrupters)

“As the number of disrupters in the financial services space continues to rise (Venmo, blockchain-based payment systems, etc.) more CIOs and CTOs ask themselves if what they offer, or plan to offer in the near future, will allow them to keep pace or outpace the competition,” says Crowe. “Mobile banking and remote check deposit are old news. The need to unearth and deploy new technologies and systems that will better serve and streamline their customers’ experiences is now of paramount concern for maintaining long-term business viability.”