What’s the most pressing cybersecurity concern in Finance?

Legacy infrastructure is one of the most recognised and least managed causes of risk. The greatest likelihood of disruption comes from system failures which cannot be effectively recovered from nor repaired. Boards take false comfort from extended support, not fully understanding what support is not provided. It is also proving difficult for many firms to be able to map what services sit on what infrastructure. Without this data the risk assessments are too general and do not facilitate good and targeted decision-making. In parallel Boards chase statistics on activities such as patching. Patching 98% of systems within x-days is not what matters most. The question should be is what is at risk where we have failed to deploy 2% of patches. If your crown jewel services are sat on legacy infrastructure which is not patched, and there is a known exploit on the web, your exposure is high. Finally, how many CROs know the cost of cost of maintaining legacy and use that to leverage investment in divesting from legacy. Business will always want to move forward with new products and propositions and enterprise architects should be looking at modernising and divesting as integrated activities. Remove legacy as part of your digital transformation, collect a present the reductions in legacy dependency costs and show how an improved control environment is reducing loss (financial and reputational).