The Institute of International Finance (IIF) and McKinsey & Co. have completed a joint survey and research project around cyber resilience to provide an understanding of current and planned practices that financial firms are undertaking to enable and strengthen firm-level and sector-level cyber resilience. 27 globally-active firms participated in the survey and more than 50 companies participated in group discussions in meetings we convened with CRO’s in the Americas, Asia, Europe and the Middle East.

The report “IIF/McKinsey Cyber Resilience Survey: Cybersecurity posture of the financial services industry” focuses on four different areas: firm-level cyber resilience, sector-level cyber resilience, costs and FTEs and next-generation trends. A key theme is around building up cyber security controls around supply chains, including third or fourth party risks, in areas such as vendor remote access management, activity monitoring and concentration risk.

Challenges reported by firms are regulations, cloud adoption, digitization and the talent gap. Firms said they are active in platforms to share threat intelligence and participate frequently in sector-wide cyber exercises. Automation is seeing extensive adoption soon to be followed by elements of cognitive computing. The document also includes a number of recommendations and industry practices, collected through the survey, that companies can draw on to enhance their cybersecurity posture.