Cybersecurity in Financial Services and Insurance: A Growing Skills Gap

The digital landscape for financial services and insurance continues to change rapidly. Challenges from COVID-19 and the widespread adoption of technologies like artificial intelligence and machine learning are forcing companies to adapt or risk obsolescence. 

But while new technology has brought unprecedented advances in efficiency and ease to the market, it has also brought new risks. As cybersecurity threats continue to grow more complex, they are also growing in prevalence. In fact, BAE Systems found 74% of banks and insurers experienced a rise in cyberattacks between April 2020 and April 2021. 

The risks for companies, from reputation to regulatory action, are immense. It’s more important than ever that they prioritize cybersecurity strategies and talent.

The Cybersecurity Skills Gap in Financial Services

According to an Allianz report, the risk of cyber incidents to financial firms outpaces the risks of COVID-19, business interruptions, regulatory changes, and even global macroeconomic shifts. That’s no surprise given the immense trove of valuable data most financial firms possess. With everything from consumer health data (in the case of insurance companies) to login credentials to bank accounts, financial services firms offer all the data criminals need to steal identities or assets. 

And while ransomware payments regularly make the news, the real costs of an attack are far greater once you consider business interruptions and lost consumer trust. As financial services and insurance companies move even more operations online, the cost of poor cybersecurity will only continue to grow. To protect customers and their futures, businesses must quickly evolve their cybersecurity strategies to plug existing holes and react quickly to the ever-changing threat landscape. 

The dual COVID-related impacts of an increase in cybercrime and a tight labor market have only compounded problems for cybersecurity in banks and insurance companies. And a cybersecurity team stretched beyond capacity is at high risk of insufficient oversight and processes, misconfigured systems, slow patch cycles, and more. These can all present openings for criminals to exploit. 

[Figure: The increased need for cybersecurity in financial services due to the pandemic. Data source: BAE Systems]

Regulation in the Financial Services Industry

Further, financial services and insurance are highly regulated industries. The standards they are held to for cybersecurity are only increasing. Over the last year, the U.S. government has added significant new cybersecurity regulatory requirements, and additional measures are expected in 2022. To remain in compliance, financial firms and organizations must systematically document their cybersecurity efforts and prove they have taken the necessary steps to protect themselves (and their customers) from attack. This requires additional skills within the workforce. 

Yet despite this immense and growing need, cybersecurity talent is hard to find, with demand outpacing supply by an estimated 2.72 million jobs globally. For many financial services firms, upskilling and reskilling existing workers is the most logical solution. To bridge the cybersecurity skills gap, individual professionals can also take action on their own.

Upskilling and Reskilling for Cybersecurity in Financial Services and Insurance

The nature of cybersecurity in the insurance industry and financial services is that it’s constantly evolving. Therefore, it’s essential for cybersecurity professionals to continually learn and adapt to new types of threats. To handle cybersecurity skills shortages, organizations can adapt the same models they’ve traditionally used to grow their cybersecurity teams, but also add new pathways for employees in other areas to switch to cybersecurity roles. 

In addition to addressing the talent shortage, upskilling and reskilling employees have other advantages. First, they allow companies to focus on addressing their specific needs and providing highly targeted, industry-specific training. Since financial services have hefty regulatory burdens around cybersecurity practices, employees must understand those specific requirements. 

Plus, growing employees from inside the company boosts morale and increases retention. That’s especially important in cybersecurity for finance and insurance, where even at the top levels of Fortune 500 organizations, the turnover rate remains high. This is often due to stress and lack of resources. 

Steps for Organizational Leaders

1. Build a Cybersecurity Pipeline

Given the talent crunch and the need to address cybersecurity gaps in a timely fashion, it’s no surprise that some large organizations have developed formal talent development programs.

For example, Standard Chartered, a British multinational banking and financial services company, created a two-year apprenticeship program in 2020 targeting women and those who have recently left school in an effort to diversify its talent pool. Similarly, the Toronto Financial Services Alliance (TFSA) is collaborating with a college to create a post-graduate certificate in cybersecurity tailored for the needs of financial industry professionals.

But for many companies, existing employees, with their strong understanding of the industry and the company’s culture and needs, provide an even more compelling source of cybersecurity specialists. Jonathan Allen, director for enterprise strategy at Amazon Web Services Inc., says he has seen major efforts among AWS financial customers aiming to “reskill everybody to be a champion of security,” according to S&P Global.

2. Identify Employees to Upskill and Reskill

While cybersecurity is a technical profession, companies need not look only to their IT departments when identifying employees with potential for these roles. As the cybersecurity professional organization (ISC)² explains in a study, employers increasingly view soft skills as equal in importance to technical skills. These include problem-solving and critical thinking, strong communication, and eagerness to learn.

According to Harvard Business Review, IBM has had success in hiring with a greater focus on those soft skills than on traditional certifications. The company has found that on-the-job training, targeted college courses and development programs, and certifications can fill skills gaps while quickly preparing employees for new roles.

Standard Chartered PLC, which was hiring for 500 new cybersecurity positions as of late 2020, said it planned to fill a significant portion of these positions internally. As S&P Global reports, the company expanded its internal cyber skills academy to retrain professionals currently in roles outside of cybersecurity who have transferable skills. To identify potential new talent, companies should consider promoting the need for cybersecurity talent and sharing information about options for upskilling employees with their staff. 

3. Develop Pathways to New Skills

Organizations looking to develop cybersecurity talent must first assess their specific needs for the present and future. When it comes to cybersecurity in financial services, common skills requirements for professionals include the ability to detect and deflect external intrusions; the knowledge to identify vulnerabilities within systems and code; cloud security tactics; and more. 

After mapping those needs, organizations can assess existing employees for skill sets that may transfer well to cybersecurity in finance and insurance. As certain roles become automated or are replaced by AI, employers may be able to reassign talent previously deployed in other areas. 

Most employees will benefit from multiple modes of instruction and development, including: 

  • Formal training and development programs such as those offered by Emeritus
  • On-the-job training through job shadows and rotations
  • Mentorship from experienced cybersecurity professionals
  • Access to industry certification opportunities
  • Partnerships with outside security vendors who set up and train on certain systems

Steps for Employees

For individual employees in the financial services and insurance industries, upskilling and reskilling to gain cybersecurity knowledge can pay major career dividends. Attending an online course, asking for mentorship from an expert in your organization, or looking for opportunities to rotate in different roles are all options for acquiring cybersecurity skills to add to your resumé. 

Cybersecurity in finance and insurance is an ever-moving target. So, organizations will need to stay abreast of not only what their employees need to know now but also what they’ll need to know to counter the threats of the future. That’s where partnering with outside experts like those at Emeritus comes in. 

By Rachel Hastings


Learning About Cybersecurity in Financial Services

Ready to build a strategy to upskill and reskill your employees to meet your organization’s cybersecurity needs? Contact Emeritus Enterprise to learn about how we will work with you to identify target areas and build a sustainable and effective plan. 

You can also view our online technology courses, including our cybersecurity offerings, for individual enrollment.
