I’ve had the pleasure of working with a variety of clients—across many verticals—and seeing firsthand the challenges each one is facing with regard to governance, compliance, and technology risk.
In recent months, our clients in the financial services sector have been undergoing an enormous transformation in risk management, perhaps more than any other sector. The reason is clear–the bad actors are following the money. We’ve tracked a more than 300 percent increase in cyber threats to our financial services clients, and it has made our security approach more systematic and robust to meet this increasing risk.
Through our significant client experience, we’ve identified four common areas in which financial services clients most often need assistance.
1. Governance–We often hear clients claim that they are small and no hacker will bother with their organization. Because of this, they may take a lackadaisical approach to cyber security threats. They don’t wish to incur an expense until a threat materializes.
Our solution is to establish a formal policy and procedure document list. Having the documents is extremely useful; however, the actual process of creating the documents helps develop the nascent steps of a robust cyber security plan.
Case Study: One client never had any written policies and, hence, no formal reason to adhere to a set of guidelines. We worked with them to draft and implement a strong governance, risk, and compliance (GRC) program. Employees have noticeably changed their technology behaviors, and a recent records analysis shows a marked lowering of cyber threats.
2. Cyber Education–Almost all attacks we have seen in the last year have been directed at a CFO or a member of the accounting staff. Many of the financial institutions we work with feel falsely confident that they have enough knowledge to safeguard assets because they work in financial services and know how transactions occur.
This illusory sense of confidence is misplaced when it comes to cyber security. We always recommend that a client, no matter its size, have a cyber-education program and educate employees on the latest trends and on examples of the extremely sophisticated techniques hackers can use to launch a cyber-attack on a financial institution.
Case Study: A client with fewer than 25 employees thought they would be immune to hackers. They were astonished to find that an employee had clicked a link in an email that allowed a bad actor to access their network and re-route a seven-figure wire transfer from a client. We deployed a quarterly email phishing campaign to test and, more importantly, educate employees on how to spot the questionable characteristics of a cyber threat.
3. Regulatory Benchmarking–The standards with which financial institutions have to comply are high. There are also constantly changing regulations around anti-money laundering (AML) and know-your-customer (KYC), for example, that are making our financial services clients think twice about how to handle these new, ever-evolving initiatives.
Updated software is being used to manage the deployment of new regulatory requirements, and it is helpful in creating automated processes. Our clients are now looking into robotic process automation (RPA) tools to create efficiencies in processes, but also to help safeguard assets.
Case Study: One of our financial services clients would take almost four weeks to perform the background checks necessary to open an account for a client and then register that client in the appropriate systems. Recognizing they were losing business because of this overly long client experience, they deployed RPA tools that lowered client onboarding time from four weeks to two days, while also improving their security and creating a strong client brand loyalty program.
4. Crisis Management–Since COVID-19, our financial institution clients have pivoted to a more proactive stance on business interruption and scenario planning, while adhering to a strong technology security position, as they are feeling the impact of heightened hacking activity in the sector.
Backup and disaster planning have been part of the technology ecosystem for many years; however, a proper business continuity plan has been foreign to many of our financial services clients. Shifting to a work-from-home model has fundamentally changed how they handle client data and interact with sensitive financial systems.
Case Study: One client had a robust set of security protocols for their office to protect their data and the transmission of trading information to a datacenter. In the new normal, they did not have the same protocols in place for remote work. Our security team enhanced the procedures for operating their trading systems from distributed home environments and created a security posture that is flexible enough for the future should another crisis arise.
Although many of our clients have had to adjust their security posture during the pandemic and as they return to the office, we’ve seen the bulk of our activity with our financial services clients. This extra attention is being placed on proactive measures to ensure that there is a stated set of protocols. These protocols include inherent flexibility moving forward and IT security measures that are consistent and can adapt to meet client needs in the face of multiple external threats.