The outside-in mindset (where cyber threats are treated as external influencers) leaves financial institutions in a reactive mode and needs to change. The inside-out approach (where cybersecurity is aligned to business priorities and is adaptable to an ever-changing threat landscape) will prove much more successful in the long run. Instead of thinking of cybersecurity as an IT-level concern, it should be treated as a business-level matter, meaning that every individual employee and third party who may have access to sensitive data and environments needs to understand and take seriously cybersecurity risks and concerns. Similarly, cybersecurity professionals need to be included in business conversations as cybersecurity needs to be considered when making high-level decisions about priorities, directions and new products/services.
Perhaps the hardest part for financial institutions is the cybersecurity talent gap that makes it difficult to find and retain qualified cybersecurity professionals. Outsourcing, however, represents a viable and cost effective solution that can provide broader insight as well as access to expertise that is challenging for individual institutions to develop internally. As long as roles are clear, communication is emphasized and goals are set, outsourcing cybersecurity operations – in part or whole and for long or short periods of time – can have great results.