Heightened cyber threats require greater accountability on governance

Cyber threats have increased significantly over the past year, and experts are advising financial services businesses to enhance their security framework, not only to shield their digital infrastructure but to also to ensure their governance policies remain compliant.

Addressing the Salesforce Financial Services Summit, Salesforce platform, security and AI specialist James Jurd said increasing cyber threats require better accountability on governance.

It comes as the regulatory landscape is rapidly evolving and requires businesses to keep themselves on track, he said.

The Australian Prudential Regulation Authority (APRA) has recently ramped up its supervision on risk management practices for regulated entities, which noted the increasingly sophisticated cyber threats enabled by AI models.

Jurd echoed the regulator's concern, stating that 90% of organisations have reported at least one data breach in the past year.

"There are attacks on critical infrastructure that we need to be aware of... and the fact that 89% of attacks last year were by AI-enabled models," Jurd said.

"It's this constant accumulation of complexity differences [that businesses need to be aware of], and there's obviously greater accountability on boards and directors to make sure that you've got proactive risk governance in place."

He also noted companies of all sizes bear the same risks.

Meanwhile, Julius Anuari, senior administrator from Eightcap - a fintech platform for online trading - also expressed the importance for companies to implement a sound security foundation.

He said as Eightcap continues to scale, the business was outgrowing its legacy customer relationship management (CRM) system, which creates compliance risks in many ways.

"We have many tools that the team had to use across sales and support, not necessarily having a unified usability for customers; they're always coming from an incomplete picture...," Anuari said.

"... and dealing with compliance and onboarding were the same thing, so this was really hurting us."

Further, Anuari emphasised the importance to remain engaged when formulating a security framework, claiming a strategy is just a piece of paper that "nobody reads if you don't own it."

"We [need to] take [the governance aspect] up ourselves, especially with our team and stakeholders... You then realise that you are seeing data as a 'mini warehouse'. The more updates and cleaning of the app, the better it is for everybody," he said.