What are the biggest threats facing banks in cyberspace? Where do they come from? And what should you be doing to manage them? Join bankers, regulators, security consultants, information technology specialists, lawyers and government officials at this lively and informative half-day event to find out.
FT Protecting Banks in Cyberspace
Defend, Detect, Respond
Cyber attacks on banks are becoming more frequent and sophisticated. In the worst reported cases millions of pounds has been stolen, or data on thousands of customers has been compromised. Even when no money or information is lost, the legal, regulatory and reputational consequences can be serious. The cyber breach at credit-reporting company Equifax and the Petya attack on numerous organisations in more than 60 countries are just two of many recent incidents that have set alarm bells ringing at bank HQs.
This half-day event will bring together bankers, regulators, security consultants, information technology specialists, lawyers and government officials to discuss the threats facing banks in cyberspace. It will identify some of the biggest risks, where they come from and what banks should be doing to manage them.
Specific discussion points will include the development of innovative technology and stricter procedures to improve security; the role of the board of directors and executive committee; the regulatory dimension, including EU legislation coming into effect next year forcing companies to secure their computer networks and protect their data; and how the banking industry is working collectively to secure the financial eco-system.
Moderated by Financial Times journalists, FT Protecting Banks in Cyberspace promises to be a lively and informative event, with ample opportunity for networking and engaging with speakers. If cyber security is within your area of responsibility, this is an event you cannot afford to miss.
Robert Hannigan was Director of GCHQ, the UK’s largest intelligence and security agency, from 2014 to 2017. He is a leading authority on cyber security, cyber conflict and the application of technology in national security. He established the National Cyber Security Centre as part of GCHQ in 2016, having been responsible for the UK’s cyber strategy in 2009, the first of any Western country. He set the Government’s ambition of making the UK “the safest place to live and do business online” and was also responsible for leading, with military colleagues, the national offensive cyber programme. He now advises a number of international companies on cyber security. Mr Hannigan was the Prime Minister’s Security Adviser from 2007-10, with a particular focus on Islamist terrorism, and was responsible in the Cabinet Office for the Single Intelligence Account (covering MI5, GCHQ and SIS). He chaired COBR, the Cabinet Office Briefing Room emergency response committee, through numerous crises and was a longstanding member of the Joint Intelligence Committee, which he chaired in 2011-12. As Director General for Defence and Intelligence in the Foreign & Commonwealth Office, he was the lead adviser on counter-proliferation and other defence policy areas, as well as advising Foreign Secretary William Hague on intelligence policy and operations. He came to London from Belfast, where he was Tony Blair’s senior official on the Northern Ireland peace process, responsible for negotiations with political parties, paramilitaries and with the Irish and US Governments. Mr Hannigan was made a CMG in 2013 for services to national security and is one of the few foreign nationals to have been awarded the US National Intelligence Distinguished Public Service Medal.
Heli Tiirmaa-Klaar is currently Head of Cyber Policy Coordination at the European External Action Service, the EU’s diplomatic service. She has been working on cyber security issues since 2007 when she led the development of the Estonian Cyber Security Strategy. In 2008-2010 she coordinated the implementation of the Estonian strategy, managed the National Cyber Security Council and led the development of Estonia’s National Cyber System as well as public-private partnerships for cyber security. In 2011-2012 she was assigned to the NATO International Staff to develop the new NATO Cyber Defence Policy. Earlier in her career she held various managerial positions at the Estonian Ministry of Defence and Tallinn University.
Simona Fionda is Head of Risk at the Financial Services Compensation Scheme (FSCS), the fund of last resort that protects consumers when regulated financial services firms fail. She is responsible for the oversight of all risk types and the interaction with both executives and non-executives. Prior to joining FSCS she was Head of Operational Risk at Metro Bank where she was responsible for Operational Risk, and Cyber and Information Security, including liaison with professional and industry bodies. Ms Fionda began her banking career at Barclays where she spent over 13 years in roles as varied as operations, marketing, project management, audit and risk management, including global risk system implementation and management information definition. She is a certified risk management professional and a member of the Professional Standards & Certification Committee at the Institute of Risk Management. In addition to her risk management qualifications, she holds qualifications in internal audit, project management and change management.
Royce Curtin joined Barclays in January 2017 as its new Managing Director of Group Intelligence. He leads the bank’s global Intelligence capability as part of its expanded Chief Security Office vision and service structure. He joined Barclays following a 27-year career with the Federal Bureau of Investigation (FBI) and US military. His extensive leadership experience most recently includes his role as the FBI Deputy Assistant Director of National Intelligence for Partner Engagement and FBI Senior Advisor to the Office of the Director of National Intelligence. Mr Curtin brings leadership expertise in crisis management, strategic intelligence, national security, special operations, and multinational intelligence platforms delivering high-impact, innovative customer and business performance solutions.
Vincent Di Giambattista
Vincent Di Giambattista is the Chief Information Security Officer for LCH, the London clearing house for exchange-traded and OTC securities. For the last 20 years he has been a senior security and risk leader working in different countries in various industries including e-commerce, retail, government, financial services, and banking. Mr Di Giambattista has set the direction of security strategies and associated plans and budgets within various organisations, defining operating models and building teams and practices to facilitate timely execution. He has successfully deployed large scale, international, complex projects including technical, functional and organisational solutions in alignment with the board’s risk appetite.
Vincent Gilbert is the Head of Cyber Security, EMEA, in the Global Banking & Investor Solutions (GBIS) division of Societe Generale. He started in 2008 as a security consultant in an information security company called Cyber Networks before joining Societe Generale in 2010. In 2011 he began heading the team in charge of functional and technical risk assessments before being appointed in 2014 as head of the Identity & Access Management for GBIS. In this current role, Mr Gilbert is responsible for protecting the bank from cyber threats and information security related frauds. He holds a Master’s degree in Information Systems Security Management from Concordia University of Edmonton in Canada.
Stephen Gilderdale is Chief Platform Officer at SWIFT as well as being the global lead for the organisation’s Customer Security Programme. Prior to his current role, he led SWIFT’s Shared Services business lines and was a key contributor to the development of the organisation’s 2020 strategy. He has over 20 years’ experience across a number of operations, technology and business development roles and, prior to SWIFT, held a senior management position at a top five consulting firm. He has worked at a variety of financial institutions across Europe, including securities marketplaces, banks and card operators.
Rolf Riemenschnitter is a cyber leader in McKinsey & Company's global risk practice, based in the Frankfurt office. In addition to cyber, his functional specialties include transformation management, digitisation and data privacy. Mr Riemenschnitter worked for 19 years at Deutsche Bank in various leadership roles within IT and HR. While at the bank he successfully implemented and led the first Group-wide Chief Information Security Officer (CISO) organisation. He has worked in leading global organisations in Frankfurt, New York, London and Bangalore. He has a degree in commercial information technology from the University of Koblenz-Landau, which he earned with honours.
Chair and Moderator (2)
Patrick Jenkins has been Financial Editor and Assistant Editor at the Financial Times since January 2014. In this role, Mr Jenkins shapes the FT’s overall financial coverage, with a focus on financial services and investment. He works closely with the editors of Markets, Lex, FT Money, FTfm and the financial services team. Mr Jenkins contributes to leader writing and comment, while continuing to write for the Inside Finance column. Previously, Mr Jenkins was Banking Editor since 2009, leading the 10-strong global financial services reporting team. Prior to this post he was Companies Editor and Assistant Editor, and before that he was the Editor of international company news. Mr Jenkins joined the FT Group in 1996 as Editor of the newsletter FT world insurance report, before becoming UK companies reporter in 2000. Prior to taking up the post as International Company News Editor, Mr Jenkins spent four years in Germany as Frankfurt Correspondent for the FT.
Michael Imeson is a Senior Content Editor at Financial Times Live, the FT’s conference division, where he organises and chairs conferences, and a Contributing Editor of The Banker magazine, which is part of the FT. He also owns Financial & Business Publications, an editorial services agency providing services to a range of organisations. Before setting up the agency he was a news reporter for The Times and Sunday Times in London. He is a Chartered Member of the Chartered Institute for Securities and Investment (Chartered MCSI); an Advisory Board Member of the European Risk Management Council; a Member of the Institute of Internal Communication (MIIC); an Associate of the Institute of Directors; and an Alumni Mentor for the London School of Economics. He has written and edited several books including Dangers in E-Banking, The Future of the Building Society Movement, and Finance for Growth. He studied at the London School of Economics for an MPhil in Government and at the University of Bradford for a BSc in History and Literature.
Agenda - 28th Nov
8:15am Registration and breakfast
9:00am Conference chair’s opening remarks
Patrick Jenkins, Financial Editor, Financial Times
Senior Official, National Cyber Security Centre
9:30am Panel-framing presentation: Banks under attack
David Chinn, Senior Partner, McKinsey and Company
9:40am Panel discussion: Banks under constant attack – identifying the cyber security risks and dealing with them
Banks are probably the biggest target for cyber attackers. Fraud, identity theft, account takeovers and service disruption are causing major problems for banks and their customers, and things will only get worse as banks increasingly digitise their operations and hackers become more sophisticated. Data thefts from financial services companies jumped nearly 25% last year, according to incidents reported to the UK Information Commissioner’s Office.
- Banks have been increasing their investment in technology controls – how effective have these been and what needs to be done differently?
- What are banks doing about the human factor since every customer, employee and supplier could potentially be the source of a cyber attack?
- How are banks breaking down internal silos across business, information security, technology, risk, fraud operations and other departments when it comes to cyber risk? What should an integrated operating model look like?
- What is being done, or should be done, to improve information sharing across the banking sector to mitigate cyber risks?
- Will a growing rule-book truly improve security, or will its complexity and prescriptiveness make it a hindrance?
- How, if at all, should the roles of the board of directors and executive committee change as cyber threats become more prevalent and sophisticated?
Simona Fionda, Head of Risk, Financial Services Compensation Scheme
Vincent Gilbert, Head of Cyber Security, EMEA, Global Banking and Investor Solutions, Societe Generale
Robert Hannigan, Special Adviser on Cyber Security, Hiscox UK and Ireland, and former Director, GCHQ
Rolf Riemenschnitter, Senior Advisor, McKinsey & Company
Moderator: Patrick Jenkins, Financial Editor, Financial Times
10:50am Panel-framing presentation: Securing the financial eco-system
Stephen Gilderdale, Chief Platform Officer and Global Lead for SWIFT’s Customer Security Programme, SWIFT
11:00am Panel discussion: Securing the financial eco-system
Protecting individual banks is one thing. But the ultimate goal should be to protect the entire financial system. Banks with the best defences will certainly be safer, but repelled attacks will only be deflected to others that are less well protected. Hackers will always find the weakest links, which is why banks are working together and with government agencies to develop comprehensive approaches to a shared problem.
- What co-ordinated steps have been taken to date, and what further steps could be taken, by banks to protect themselves and their counterparties from attack?
- Breach response: even the best defences have their vulnerabilities and are likely to fail at some point. So how is the banking sector working cooperatively to improve response management? How do you ensure that all relevant departments are included?
- SWIFT’s Customer Security Programme launched last year is helping banks defend against cyber threats by, among other things, establishing an industry-wide security controls framework for use by all SWIFT members. What has it achieved to date, and what further developments are in store?
Royce Curtin, Managing Director, Group Intelligence, Barclays
Vincent Di Giambattista, Chief Information Security Officer, LCH
Stephen Gilderdale, Chief Platform Officer and Global Lead for SWIFT’s Customer Security Programme, SWIFT
Heli Tiirmaa-Klaar, Head of Cyber Policy Co-ordination, European External Action Service
Moderator: Michael Imeson, Contributing Editor, The Banker, and Senior Content Editor, FT Live
11:50am Conference chair’s closing remarks
Patrick Jenkins, Financial Editor, Financial Times
- Learn the latest on the cyber threats that are impacting banks and how to manage them
- Hear about new legislation that will require companies to secure their computer networks and protect their data
- Find out what steps are being taken to protect financial institutions from outside threats
- Discover what to do should security be breached
- Network with senior banking executives, as well as leading cyber-security experts to explore how the industry should work collectively to secure the financial eco-system.
This half-day event will bring together senior representatives from banks as well as regulators, security consultants, information technology specialists, lawyers and government officials.
Attendance is by invitation only. Applicants will be considered subject to availability of seats and meeting the above criteria.
Knowledge Partner (1)
McKinsey & Company is a global management consulting firm, deeply committed to helping institutions in the private, public, and social sectors achieve lasting success. For 90 years, our primary objective has been to serve as our clients' most trusted external advisor. With consultants in over 100 locations in over 60 countries, across industries and functions, we bring unparalleled expertise to clients anywhere in the world. We work closely with teams at all levels of an organization to shape winning strategies, mobilize for change, build capabilities and drive successful execution.
McKinsey's Risk practice helps clients in all industries achieve extraordinary risk-adjusted performance. We take a truly global, cross-sector, cross-functional view of risk issues, combining McKinsey’s deep industry insight and strategic skills with a structured risk management approach. Our network includes about 100 partners, 250 consultants and senior experts, and over 65 specialised modelling experts working together to advise on risk projects in the Americas, Asia, Europe, the Middle East and Africa. McKinsey Cyber Solutions helps institutions measure digital resilience, identify and prioritize critical assets for protection and investment, build leadership capabilities to respond to an attack, and make cyber build-or-buy decisions.
Strategic Partner (1)
SWIFT is a member-owned cooperative and the world's leading provider of secure financial messaging services. Our messaging platform, products and services connect more than 11,000 banking and securities organisations, market infrastructures and corporate customers in more than 200 countries and territories, enabling them to communicate securely and exchange standardised financial messages in a reliable way. As their trusted provider, we facilitate global and local financial flows, support trade and commerce all around the world; we relentlessly pursue operational excellence and continually seek ways to lower costs, reduce risks and eliminate operational inefficiencies. Headquartered in Belgium, SWIFT's international governance and oversight reinforces the neutral, global character of its cooperative structure. SWIFT's global office network ensures an active presence in all the major financial centres.