Cyber related threats are not a new concept to the financial sector but the threat landscape has changed radically in recent years and months. What was adequate before is simply not good enough now.

The reality of cyber threats is, their guise is in many forms. These include APT’s (Advanced Persistent Threats) in basic terms are strategic, stealthy, remotely controlled reconnaissance type vectors sponsored by actors who objective may be as much geopolitical as financial.

Destructive attacks in the guise of “Ransomware” appearing to be pedestrian cybercrime but designed to ultimately destroy the availability and integrity of data. One of the biggest game changers is the threat actor landscape itself, the motivation, origin and objective of these attacks is aligned with the eclectic mix of malefactors. These are powerful forces which involve state sponsored attacks with geopolitical motivation, criminal syndicates offering “crime as a service” to lower end criminal entities and all this makes for significant challenge for FMI’s (Financial Market Infrastructure) across Europe and throughout the Globe to deal with.

“Cybercrime is a serious threat not only to individual market actors but also to the overall operational network.” ECB European Central Bank

We are almost desensitised to the media reports of high profile destructive and global cyber attacks and heists. Of course these reports only represent a fraction of the attacks and breaches that occur on a daily basis.

Due to the nature of these attacks, the “reality check” is that traditional security controls are now increasingly inadequate.

Why is conventional cyber security becoming inadequate?

Traditional “Prevention” techniques such as black listing/white listing is not good enough anymore. Verification is an imperative. Prevention is only one part of the solution. Breaches are inevitable and having an adequate capability to be able to detect, respond and recover are now baseline requirements.

Your Network Perimeter is Dissolving. Your customers, staff, business partners and vendors need access to everything, anytime from anywhere on any device. The cloud, mobile, remote access, multiple jurisdictions are the reality of the foundation of the extended enterprise.

Cyber Skills are Scarce! There are over 40,000 open IT security related positions in Ireland alone. Over 2,500 open Global CISO roles in the US and a recent survey reported the average salary for a UK CISO (FinSec) is £1m. There are simply not enough “real deal” experienced and qualified people to meet the demand. It is not simply a case of outsourcing as professional service firms face the same challenges of finding “Cyber Skilled” resources.

Your business ecosystem and vendor dependency is one of the biggest cyber challenges facing your organisation. Security is only as strong as the weakest link and with the increased sanctions in legislation such as the GDPR, not alone will we see litigation between business partners but all organisations in the supply chain are open to being sued post breach by those affected for pecuniary or non-pecuniary damages (i.e. distress). The “Blame for Claim” rush is on its way. Establishing trust and gaining assurance is a key challenge in the financial service ecosystem.

A final point to note is in relation to IoT, the “Internet of Things”. Security is very low on the agenda of manufacturers. These devices are being increasingly networked and this has introduced unprecedented security hazards. Recent massive global large scale DDoS attacks have been based on cybercriminals being able to create compromised networks of hundreds and thousands of these devices around the world and use them to essentially attack a target. One of the highest profile attacks was during the US elections and involved a massive Internet outage across the US.

There is an alphabet soup of laws, legislation, regulations, guidance, frameworks, standards and authorities. Over 400 of them comprising of over 10,000 overlapping and often conflicting controls, originating from 175 legal jurisdictions. It is a challenge even to know where to begin.

European related legislation is key, the NIS (Network Information Systems) Directive, the GDPR (General Data Protection Regulation) are part of your “must do” list.

This is not instead of but to compliment and support initiatives such as PSD2 and SIP. The IOSCO (International Organization of Securities Commissions) – CPMI (Committee on Payments and Market Infrastructure) has released some excellent guidance in relation to cyber resilience.

However, let me point you to what I feel is one of the best guidance documents available. The G7 cyber expert group have published the “Fundamental Elements of Cyber Security for the Financial Sector” and this advice is being echoed by the Eurosystem, ECB and local regulators across Europe.

The elements underline that cyber risk must be met by a collective and united effort by the financial industry and the public authorities, both within and across borders.

This means cyber resilience of the financial ecosystem is a joint effort of institutions, infrastructures and regulators. Of course this means banking supervisors and financial market infrastructure overseers will be naturally increase focus on ensuring cyber resilience. The bottom line, first responsibility is and stays with the financial institutions.

Contact Us if you’re interested in organising a briefing: +353 (0)1 905 3260

Delegates Feedback



An eye opening course bringing to life exactly what a CISO is and maybe more importantly what is isn’t. Many lightbulb moments that will help refocus how to better align security with the business, and what it takes to be successful.

MARK CONABEARE – DEBENHAMS PLC

2018-07-02T12:35:49+00:00

MARK CONABEARE – DEBENHAMS PLC

An eye opening course bringing to life exactly what a CISO is and maybe more importantly what is isn’t. Many lightbulb moments that will help refocus how to better align security with the business, and what it takes to be successful.
Would highly recommend this boot camp. It was very informative, especially considering I do not come from a techy background. Great course to enable you to be a business protector.

DENISE COMERFORD – INTO CREDIT UNION

2018-07-02T12:30:03+00:00

DENISE COMERFORD – INTO CREDIT UNION

Would highly recommend this boot camp. It was very informative, especially considering I do not come from a techy background. Great course to enable you to be a business protector.
Good spread of topics, Good delivery and pace.

RONAN TIMMONS – INVESTEC BANK PLC

2018-07-02T12:30:30+00:00

RONAN TIMMONS – INVESTEC BANK PLC

Good spread of topics, Good delivery and pace.

Excellent Course, Unparalleled thought leadership expertise, amazing presentation skills, thank you I could attend.

MARTIN TANG - IRM

2018-07-02T11:37:46+00:00

MARTIN TANG - IRM

Excellent Course, Unparalleled thought leadership expertise, amazing presentation skills, thank you I could attend.
I found the 2 days course excellent. It provoked good discussions and Paul gave great examples of boot practice.

Ian Brennan - Laya Healthcare

2018-07-02T12:07:13+00:00

Ian Brennan - Laya Healthcare

I found the 2 days course excellent. It provoked good discussions and Paul gave great examples of boot practice.
A very well formed two day course, very dynamic topics, backed with real world examples.

MARTIN MCCAULEY - W & R BARNETT

2018-07-02T12:08:07+00:00

MARTIN MCCAULEY - W & R BARNETT

A very well formed two day course, very dynamic topics, backed with real world examples.

Keep up the good work, Excellent vision of cyber risk today and into the future.

MICHAEL MCHUGH  – INTO CREDIT UNION

2018-07-02T12:25:37+00:00

MICHAEL MCHUGH  – INTO CREDIT UNION

Keep up the good work, Excellent vision of cyber risk today and into the future.
I found the course fantastic. It was extremely engaging & interactive throughout. It was very informative & the content was interesting and current & relevant to my service line.

BRÓNAGH DOHERTY - INTERTRUST

2018-07-02T12:08:59+00:00

BRÓNAGH DOHERTY - INTERTRUST

I found the course fantastic. It was extremely engaging & interactive throughout. It was very informative & the content was interesting and current & relevant to my service line.
Very informative and enjoyable course.

ANGELA MORAN – AIB

2018-07-02T12:20:39+00:00

ANGELA MORAN – AIB

Very informative and enjoyable course.

Great content, Interesting & fast paced

JOHN CARROL – INVESTEC BANK PLC

2018-07-02T12:26:58+00:00

JOHN CARROL – INVESTEC BANK PLC

Great content, Interesting & fast paced
Very enjoyable & well presented. Liked the approach to integrate with practical real world examples. Would recommend

SHANE O’CONNOR – SUSQUEHANNA INTERNATIONAL GROUP

2018-07-02T12:27:35+00:00

SHANE O’CONNOR – SUSQUEHANNA INTERNATIONAL GROUP

Very enjoyable & well presented. Liked the approach to integrate with practical real world examples. Would recommend
An eye opener giving a global picture backed up with real world examples, Great Knowledge.

SHANE O’REILLY – TOTAL PRODUCE

2018-07-02T12:27:59+00:00

SHANE O’REILLY – TOTAL PRODUCE

An eye opener giving a global picture backed up with real world examples, Great Knowledge.

Excellent stuff – Paul is a mine of information.

DEREK HARDIMAN – ABBEY CAPITAL

2018-07-02T12:28:35+00:00

DEREK HARDIMAN – ABBEY CAPITAL

Excellent stuff – Paul is a mine of information.
Course content excellent, well presented at a good pace.

PADDY HAND – NSSL

2018-07-02T12:29:12+00:00

PADDY HAND – NSSL

Course content excellent, well presented at a good pace.
Quality course content explained in easy to connect real life situations. Highly knowledgeable professionals in the world of cyber and reality.

GERARD CLEAR – CABOT FINANCIAL

2018-07-02T12:29:36+00:00

GERARD CLEAR – CABOT FINANCIAL

Quality course content explained in easy to connect real life situations. Highly knowledgeable professionals in the world of cyber and reality.