Carte blanche

“Cybersecurity, more than an IT issue”

Retour au dossier


Cybersecurity is more than just a technical issue, it is a global imperative. There is an arms race between hackers and organisations. Responsible companies must address cybersecurity all the way up to the C-suite, define robust and broad strategy, consider third-party partnerships and seek out the best talent to win the war.

In 2014, Luxembourg’s Computer Incident Response Center (CIRCL) received 83,610 reports of cyberattacks in the Grand Duchy. That figure had risen 18 times compared with the 4,500 incidents reported in 2011. According to CIRCL, half of these attacks were attributed to cyber criminals attacking companies and individuals for financial gain.

If this sounds concerning, it should be. Erik Brynjolfsson, director at the MIT Initiative on the Digital Economy, recently sounded the alarm on poor cybersecurity standards at the Barclays Asia Forum in Singapore. “Whenever I talk to the real cyber experts, they tell me the lights are blinking red, that we’re so vulnerable and we need to do a lot more to make our information system secure,” he said. In tackling this issue, he pointed to some existing options, such as making sure you are using two-factor authentication on your accounts where it is available.

According to the recent KPMG 2015 CEO Outlook Study, which surveyed over 1,200 chief executives, half of the CEOs reported that they are not fully prepared for a cyber event. On the other hand, cybersecurity was named by 20% of respondents as one of the top five business risks after the related issues of third party and supply chain risks. We could conclude that while there is some recognition of the severity, there isn’t yet a similarly developed level of understanding on how to tackle cybersecurity issues. 

Boards and executives need to be more proactive into the evaluation of the cyber risk, concentrating investment not only on prevention.

Nasir ZubairiNasir Zubairi, CEO (The Lhoft)

Because cyber incidents are becoming more frequent, recurrent and sophisticated in a world with data, and information stored on systems is becoming more critical and valuable, it is paramount to get a grip on the issue at all levels of an organisation particularly building knowledge and understanding at executive board level to best define cybersecurity strategy. Boards and executives need to be more proactive into the evaluation of the cyber risk, concentrating investment not only on prevention, but shifting some resource and focus to the tasks of detection, response and recovery to become fully cyber-resilient and mitigate risks. 

By making cybersecurity part of board strategy and corporate culture, firms manage risk better, protect the business value and reputation better, and deliver more peace of mind to your customers and stakeholders. Strong cybersecurity is an asset for a business, a tool to build trust with customers. Accountability for incidents ultimately rests at the top of the firm, so executives must lead by example in raising awareness and knowledge of cyber risks in their firm for their own good. 

Fintech companies: a strong ally to fight cyber crime and bring value

To beat a hacker, you need to think like a hacker. 

Hacknowledge has developed security monitoring solutions that will help shorten the time between breach and detection with the ultimate goal of stopping IT threats to any network. Their solution is built on experience and intelligence gained from over a decade of penetration testing and mitigation of threats. The objective of the penetration testing team is to identify weaknesses and report them to the persons in charge of the system, so that appropriate measures can be taken and the level of information security improved

Manage, secure and value your data 

Cyberhedge is the only company able to measure the changing impact of cybersecurity risk on shareholder value. They help companies better measure, manage and communicate the value of their data and information technology assets, a critical source of shareholder value

Tackle cyber risk at the source 

Secourriel is a cybersecurity fintech providing contract ready messaging for sensitive content and an instant legally binding receipt. The solution offers bank-grade IT security, being completely run in a Luxembourg Tier IV data centre, matching secure operations and development procedures compliant to CSSF and CNPD regulation.

Seek out and work with the best – unfortunately the best are unlikely to be in your organisation, nor will it be easy to hire them. 

Cybersecurity challenge: recruiting and retaining the cybersecurity talent.

It is a fact that today most players in the financial services industry face a real shortage of cybersecurity talent.

Nasir ZubairiNasir Zubairi, CEO (The Lhoft)

“Cybersecurity skills are very specialised. You cannot just expect these skills to be developed in a large company without some new talent coming on board. Companies need to recruit new talent and also train the rest of their teams.” Tuck Rickards, managing director, Russell Reynolds Associates. 

It is a fact that today most players in the financial services industry face a real shortage of cybersecurity talent. Supply is limited while the demand is high. Where do these experts want to work? How can I access their talent and expertise? The best IT talent does not want to work in banking and financial services. The culture and environment today is not attractive. In turn, the best cybersecurity talent is paid handsomely by the tech giants and specialist consulting firms; unmatched by the finance industry. Can institutions really change enough to attract and retain the talent they so desperately need in this area, given the sizeable impact and growing likelihood of major cyber intrusions?