As 2023 fades into the past, the banking industry gains a sharper perspective on a year defined by both anticipated and unexpected challenges. Financial institutions encountered a range of risks—some predictable, others emerging with little warning. One key lesson stands out: banks must strengthen their defenses not only against known threats but also against those that are difficult to foresee.
Looking ahead to 2024, risk remains one of the most pressing concerns across the banking sector. Residential and commercial real estate prices continue to climb, and with mortgage payments outpacing wage growth, default risk is becoming increasingly significant. At the same time, global economic instability persists, placing additional pressure on financial systems worldwide. Cybersecurity, however, is rapidly emerging as a critical area of concern. The rise of generative AI has dramatically changed the threat landscape, providing cybercriminals with new capabilities, including deepfakes, AI-generated viruses, and advanced phishing attacks that are far more difficult to detect.
To understand how financial leaders are responding, a recent global survey explored the perspectives of CEOs on cybersecurity and organizational resilience. The research, titled “The Cyber-Resilient CEO,” examined how C-suite executives are preparing for and managing cyber risk in today’s evolving environment. The study included responses from 1,000 CEOs of companies generating more than $1 billion in annual revenue, spanning 15 countries and 19 industries. Among them were 53 banking CEOs, whose insights reveal how the financial sector is adapting to the growing complexity of cyber threats and the increased urgency for resilience.
When asked about the most pressing challenges they currently face, 41% of banking CEOs pointed to maintaining digital trust with both consumers and business clients amid rising fraud threats. Nearly half of the respondents also identified technology modernization (26%) and regulatory compliance (21%) as core issues demanding immediate attention. These findings underscore a critical reality: banks can no longer afford to ease their focus on digital risk and compliance. As cyber threats become more sophisticated, maintaining resilience is not optional—it’s a competitive imperative.
The benefits of investing in cyber resilience are both measurable and compelling. According to our research, CEOs who lead with a more cyber-resilient strategy see significantly better business outcomes. These organizations report 16% higher incremental revenue growth, 21% greater cost reduction gains, and 19% stronger balance sheet performance compared to peers. In addition, they are able to detect, contain, and remediate cyber threats faster, with breach-related costs reduced by a factor of two to three. The data paints a clear picture: cyber resilience not only mitigates risk but also drives real financial advantage.
Challenging the status quo
While the rewards of stronger cyber resilience are substantial, the path to achieving them is far from straightforward. The cyber threat landscape is increasingly complex, shaped by unprecedented levels of global disruption. According to the Accenture Global Disruption Index—which measures disruption across economic, social, geopolitical, climate, consumer, and technology domains—disruption surged by 200% between 2017 and 2022. While these disruptions aren’t banking-specific, their ripple effects are clearly felt throughout the financial sector.
Banking leaders appear more attuned than the global average to the forces amplifying cyber vulnerabilities. Among them, technology innovation ranks highest: 62% of banking CEOs identified the rapid pace of tech development as a significant cyber risk—10 percentage points higher than the global sample. Additionally, 89% view cyber trust and resilience as critical to safely adopting emerging technologies like generative AI and quantum computing.
36% of banking CEOs identified supply chain disruptions as the second-largest external risk, a significantly lower figure compared to 51% across all industries globally. However, the perceived threat from environmental vulnerabilities is nearly universal—92% of banking CEOs recognize the growing cybersecurity risks linked to climate-related changes and sustainability initiatives, slightly above the global average of 90%.
Despite their awareness, many banking executives admit they are still catching up. Nearly all respondents (98%) agree that cybersecurity is a key business enabler, yet only 36% strongly believe they have a deep understanding of today’s evolving cyber threat landscape. Furthermore, two-thirds (66%) express concern about their organization’s ability to prevent or minimize the business impact of a cyberattack. The gap between intent and capability underscores the urgency for deeper investment in both strategy and cyber literacy at the leadership level.
What banking CEOs say
A cyber-resilient CEO has distinct characteristics, and it’s encouraging to see that banking industry leaders are making stronger strides in cyber resilience than their global peers.
Here’s how it plays out:
Conversations with C-suite banking executives around the world reinforce these insights. Encouragingly, the banking sector is slightly ahead of the global average when it comes to prioritizing cybersecurity at the highest levels. Twenty-six percent of banking CEOs report holding dedicated board meetings focused on cybersecurity, compared to just 15% among global peers—a clear sign that the industry is beginning to embed cyber resilience more deeply into strategic governance.
Five Steps to the cyber-resilient Banking CEO
Banking CEOs have an opportunity to learn from a core group of cyber-resilient leaders—executives who take a broad, integrated view of cybersecurity that spans talent, innovation, sustainability, and customer trust. Five key actions distinguish these forward-thinking leaders:
- Embedding cyber resilience into business strategy from the outset
- Establishing shared accountability for cybersecurity across all levels of the organization
- Securing the digital core, ensuring foundational systems are robust and protected
- Extending resilience beyond silos, collaborating across ecosystems and third parties
- Embracing continuous improvement to stay ahead of fast-evolving cyber threats
Mitigating risk has always been a foundational responsibility for banks. As we move further into the AI-powered era, cyber resilience is rapidly becoming a top priority for the banking C-suite. The risks are dynamic, but so are the opportunities for those prepared to act decisively.
If you’re interested in exploring practical steps to becoming a cyber-resilient CEO, we invite you to read our full report or connect with us to continue the conversation.
What role will risk play in shaping the year ahead? Stay tuned for our Top 10 Banking Trends for 2024: Banking on AI, coming this January.
Frequently Asked Question
What does cyber resilience mean in the context of banking?
Cyber resilience in banking refers to a financial institution’s ability to prepare for, respond to, and recover from cyberattacks while maintaining continuous business operations and safeguarding sensitive data.
Why is cyber resilience critical for banks in 2024?
With the rise of generative AI, increasingly complex cyber threats, and strict regulatory expectations, cyber resilience is essential for maintaining customer trust, protecting digital infrastructure, and avoiding costly breaches.
What are the five proven steps to strengthen cyber resilience in banking?
The five steps include embedding cyber resilience into business strategy, establishing shared cybersecurity accountability, securing the digital core, extending resilience beyond organizational boundaries, and embracing ongoing improvement.
How can banks embed cyber resilience into their business strategy?
Banks can integrate cybersecurity planning from the start of strategic initiatives, ensuring cyber risk assessments, controls, and mitigation tactics are aligned with business goals and growth.
What does shared cybersecurity accountability mean in practice?
This means that cybersecurity is no longer just IT’s job. Everyone from the CEO to business units must be aligned on responsibilities, decision-making, and governance related to cyber risk.
What is meant by “securing the digital core” in banking?
This involves protecting the most critical digital infrastructure—core banking systems, cloud environments, and payment platforms—through zero-trust architecture, encryption, real-time monitoring, and threat detection tools.
How can banks improve cyber resilience beyond their internal operations?
Banks should extend cyber protection to third parties, vendors, and digital partners through strong oversight, supply chain risk assessments, and shared cybersecurity standards.
Conclusion
Banking institutions must prioritize cyber resilience to safeguard their operations, data, and customer trust. By adopting the five proven steps—embedding cyber resilience into business strategy, fostering shared accountability, securing the digital core, extending resilience beyond organizational boundaries, and embracing continuous improvement—banks can build a robust defense against evolving cyber risks.