The Importance of Cyber Resilience in Financial Services

The safe and secure operation of Financial Services (FinServ) markets and infrastructure is essential for maintaining financial stability and fostering economic growth.  With a per-company cybercrime cost that is 40% higher than average compared to non-financial sectors, cyberthreats within FinServ are axiomatic in nature: not a question of if, but when.

The rise of cloud computing, SaaS and API-driven tech stacks has exacerbated the interdependencies between FinServ and FinTech, and their respective customer bases.  Each wave of FinTech innovation also unlocks opportunities for new cyber innovations and cyber FinTech market growth.

As such, the cyber FinServ tech stack will continuously evolve.  Cyber risks in FinServ and FinTech are ever-present and evolutionary in nature, resulting in a continuously shifting threat landscape that requires agile solutions and a layered tech stack to effectively manage emerging risks posed by new assets, new technologies and new actors.

At MiddleGame Ventures, we believe the themes (and incorporated technologies) highlighted below will play a pivotal role in the evolution of cyber solutions for FinServ and FinTech:

  1. Rise of AI

The AI revolution will supercharge cyber resilience and empower enhanced FinServ protection via deeper datasets and real-time insights.

  • Faster, instantaneous insights: AI is central to delivering more effective risk intelligence (e.g., fraud identification) and real-time decisioning. AI has the potential to be applied across a number of FinServ use cases and verticals such as enhanced threat detection/visibility, predictive threat management, automated breach responses and hyper-personalised cyber products (e.g., cyber security broker support tools to enhance customer service).
  • Predictive risk management: AI will help FinServ better manage cyber risks by analysing vast volumes of data and identifying signals in the noise, thus enabling the adoption of proactive and preventative activities rather than responsive and reactive activities. Start-ups that help FinServ better identify, understand, manage and mitigate AI-related cyber risk, including identification of contaminated/bad data, are of particular interest.
  • Verticalised FinServ data sets: Generative AI can be used to simulate cyberattacks and generate synthetic data that will help train foundation models to better protect FinServ. FinServ-specific data sets will be integral to the successful application of AI, particularly for highly regulated activities that require 100% output accuracy and compliant management of customer/business data.

 

  2. A New Era of Digital Assets

Blockchain technology is inherently optimised for security, yet still susceptible to attacks, requiring fundamentally new cyber solutions.

  • Wallets: Wallets and identity will continue to coalesce with wallets becoming the universal identifier and data manager for all customer engagement across the digital asset landscape. Wallets will consume, manage and store all sorts of data beyond identity and thus create new verticals to deepen customer engagement and opportunities for commercialisation.
  • Transparency and risk analytics: Observability offerings are nascent within the digital assets space. Increased transparency and threat intelligence are required to drive more robust risk analytics and therefore increase investment, trust and the underlying legitimacy of the ecosystem.  Risk analysis and ratings for digital assets, including real-time analysis across chains, protocols and liquidity pools, will provide increased assurance and enable users to better evaluate risk and make data-driven decisions.
  • Data privacy: Lack of data privacy is one of the primary drawbacks of blockchain due to its inherent transparency and record keeping of transactions. Security and compliant privacy of on-chain transaction data, market sentiment and network activity is a foundational requirement to establish blockchain cyber resilience.  There are multiple use cases within FinServ where market sensitive and/or personal data should only be accessible to the relevant individuals.  Data privacy-driven digital asset solutions will be of particular interest to MGV going forward, including technologies such as zero knowledge proofs (ZKPs), ring signatures/stealth addresses, and homomorphic encryption.

 

  3. Open Finance

Recent and forthcoming FIDA/PSD3/PSR announcements mark the shift from Open Banking to Open Finance, taking us one step closer to an Open Data economy.

  • API and cloud security: An increasingly interconnected API-led financial services ecosystem requires a new level of industry collaboration and vendor risk management.  Hyper-connected Open Finance networks rely on the security and cyber resilience of each individual party.  Multi-cloud security solutions, Open Finance network security, and zero-trust-based API security are particular opportunity areas.
  • Access management and secure communications: Improper access/permissioning and data leaks are a growing concern for API customers, and are the subject of board-level discussions with the C-suite at half of all companies. A successful Open Finance ecosystem requires participants to know whom they are communicating with, agile access management practices and increased data security between all parties.
  • Hyper-personalised financial products: We will see an increase in start-ups leveraging Open Finance APIs to offer increasingly personalised financial products and services across insurance, pensions, loans, and investments, particularly within the retail space.

 

  4. Risk Orchestration & Governance

The increasing complexities and interlinked nature of digital FinServ require enhanced risk orchestration and governance solutions.

  • Contextual insights: The sheer volume of unique vulnerabilities is increasing at an unparalleled rate with c.10K new vulnerabilities logged annually to the Common Vulnerability Scoring System (CVSS), a published global standard. Vendor orchestration, user orchestration and activity orchestration, as well as the contextualisation of risks to enable prioritisation and effective resource deployment, will be increasingly important.
  • Vendor and activity orchestration: In a traditionally fragmented landscape, FinServ organisations are now looking to consolidate their cyber security approach and vendors. Preventative, proactive and contextual solutions that help FinServ deploy and orchestrate a layered security posture, as well as utilise more effective capabilities against these attacks, are of particular interest.
  • C-Suite tooling: c.52% of CISOs have expanded their responsibilities over the past two years and c.71% report that the Board is involved in cyber issues on a monthly or quarterly basis. Today’s talent shortages and high false-positive detection rates open a lane for solutions that provide clear productivity gains.

 

  5. Embedded Cyber

Successful protection of critical financial services infrastructure requires cyber resilience by design.

  • Embedded resilience: Embedded cyber is still nascent and has primarily seen growth within industries that i) represent critical infrastructure and ii) are transitioning to digital. As FinServ becomes increasingly digitised, and the pace of deployment increases, it will be integral for cyber considerations to be baked into the software development lifecycle (SDLC). This makes embedded cyber particularly interesting as it can act as a means of application for other themes within cyber resilience, in a time when FinServ is looking to consolidate cyber vendors.
  • DevSecOps and ‘Shift Left’: Effective communication and collaboration, along with the integration of cyber teams and their activities within an organisation, is paramount to the development of secure and sustainable financial products and services. However, the practice is still in its early innings with only 24% of FinServ CIOs stating that their teams employ successful DevSecOps strategies.  Solutions that help break down silos between development and security teams to enable the progression of DevSecOps will be increasingly important.
  • Accessibility and No/Low-code: No/low-code and accessible cyber solutions will help drive adoption of embedded cyber practices across small to mid-size FinServ companies that are challenged by scarcity of both talent and resources.

 

In summary, with each successive wave of FinTech innovation comes a wealth of new cyber risks as well as new cyber innovation opportunities.  As such, robust cyber resilience will only become more essential for the protection and sustainability of goods, products and services within FinServ and, in fact, for the underlying growth of this vital market.

Launching a venture in the Cyber x FinTech space?  Want to pitch us on anything else?  We’re seeking outstanding entrepreneurial teams who are reimagining financial services.  If that’s you, get in touch here.

If you would like to find out more about MGV and the team, see here.
