Cyber-threat perception and risk management in the Swedish financial sector

Abstract

The financial sector relies heavily on information systems for business. This study sets out to investigate cyber situation awareness in the financial sector in Sweden, by examining what information elements that are needed for a common operational picture, and exploring how key actors perceive cyber-threats.Data was collected through a survey and a series of interviews with key actors in the sector in conjunction with a national level crisis management exercise. The data was then analyzed and contrasted to theory. Conclusions were drawn and results discussed. Finally, possible mitigation actions were suggested.It was found that actors in the Swedish financial sector have a well developed crisis management working concept. However, information about rational adversaries that cause prolonged disturbances is possibly not collected, analyzed and utilized systematically. Much effort is put into ensuring that timely and relevant information from organizations is shared in an efficient manner. The sector perceives cyber-threats against the underlying financial infrastructure, as well as against IT service availability and data confidentiality, besides financial theft. The sector has particular concerns for the potential of reputational loss due to cyberattacks. There are also special concerns about the insider threat.Respondents agree that risk management has to account for cyber risk. A possible route to enhance risk management practices is to ensure that cyber personnel is integrated in crisis management teams.