The Bedel Security Blog

Bank Management: 5 Ways a CISO Can Help Drive Innovation

Written by Chris Bedel | May 23, 2017

Banks Need Innovation 

Banks and credit unions are finding themselves in a very competitive landscape.  Technology is moving faster than ever.  Fintech companies are trying to disrupt the banking model.  Customers are demanding the latest products, and they want them today.  Financial institutions that don't embrace innovation will find themselves irrelevant within the next five years, if not sooner.

Innovation Has a Price

Innovation in banking can come at a cost, though.  New technologies expose the organization to new threats that require new controls.   New vendor relationships present cybersecurity risks that must be mitigated through upfront and ongoing due diligence. 

In years past, and even today, this is where some financial institutions put the brakes on.  The risk of the added complexities outweighed the rewards.  Or worse, decisions were made without fully understanding the risks, and were based instead on fear, uncertainty or doubt.  

Those organizations may have even found their CISO leading the charge against innovation.  With no incentive toward business goals, the CISO found themselves managing more risk with innovation, without any reward.

But a CISO Can Help

The good news is that we are in a time where the CISO position is evolving from simple stating: "it's too much risk" to instead asking: "how do we get the risk to an acceptable level?".  The CISO of the future brings a balanced business approach to manage cyber risk, rather than just avoiding it.  

Here are 5 ways that can be achieved:

  1. Align your culture.  First things first: this has to start at the top.  The Board of Directors has to actively learn about cybersecurity risks and understand what accepting them means.  Executive Managment must reinforce that it's a team effort when it comes to cybersecurity.  If you just tell the CISO to "keep us out of trouble", don't be surprised when they drag their feet in supporting an initiative to implement your latest fintech initiative.
  2. Involve the CISO with Executive Management to align with business goals.  Your CISO can't just be entrenched on the technical side of the position.  To make good, risk-based decisions and recommendations, they have to be in tune with the strategic direction of management and the board.
  3. Encourage cooperation between the CISO, IT, and other decision makers.  The CISO can't operate from an island.  They must work with other business units to educate on risks, but to also get feedback on the process.  Are there barriers to innovation that could be removed?  Are there alternatives that could reduce the risk?
  4. Work with your CISO to develop efficient processes for onboarding new technologies and new vendors.  Nothing kills innovation like a drawn-out or disorganized vetting process.  Developing efficient, risk-based processes to select and review technologies and vendors will shorten your time to execution.
  5. Be open to creative risk mitigation strategies.  A good CISO finds ways to make innovative projects successful, rather than being the roadblock.  Problems will arise anytime changes are taking place.  Be open to new ideas that will get the risk to an acceptable level.  This could include contracts stipulations, technical controls, procedural changes, insurance, independent audit, etc.

Closing

Innovation is risky, but so is avoiding it.  The financial institutions that work to offer their customers new products and ideas in a secure way will find themselves on top.  While there are many components to innovation in the banking industry, the CISO position, whether conventional or virtual, plays a big part in its' success.
View full post