New Stakes for Cyber-Resiliency in the Era of Cyberwarfare

The intricate network of cybercrime and nation-state threats that often intertwine and overlap can be fully identified and traced only by true cross-sector intelligence sharing. Yet cyberwarfare continues to be a mysterious black box when it comes to cyber risks that should be on the radars of financial institutions. Governments are obviously concerned about cyber risks linked to espionage, misinformation campaigns, elections, and a host of ancillary concerns, such as terrorism and human trafficking. But what about the risks to critical infrastructure, under which financial services fall? 

The war in Ukraine, the Iran-Israel conflict, and increasing tension between the United States and China have raised new concerns and emphasis around geopolitical risks. Attacks against the U.S. financial infrastructure undoubtedly are a sweet spot for those adversaries, which aim to rock U.S. consumer trust in the financial ecosystem and raise questions about consumer privacy protections. Javelin has encouraged its FI clients to partner with vendors, particularly on the identity verification/identity-proofing side, that pool consortium data from multiple sources to verify the authenticity of identities (see 2024 Authentication and Identity-Proofing Vendor Solutions Scorecard). 

This report explores why national cybersecurity orders will never secure real results for cyber resiliency. It looks at steps financial institutions can take to reverse poor decisions made in previous tech investments that will benefit and strengthen cyber resiliency and reduce ongoing risk. It also considers why and how the cyber threat and risk landscape expands exponentially through consumers, employees, and the supply chain. 

Key questions discussed in this report:

• Why can’t national cybersecurity orders secure real results for cyber resiliency?
• Why are financial institutions continually failing to make tech investments in solutions that will benefit and strengthen cyber resiliency that reduces ongoing risk?
• How is the cyber threat and risk landscape expanding exponentially, through consumers, employees, and the supply chain?

Companies mentioned:

ByteDance, DeepSeek, GBG, ID Mission, LexisNexis Risk Solutions, Mastercard, Netki, TikTok