Cyber risk assessment model for information assets: a tailored approach for the financial and banking sector

Modern technological advancements have significantly impacted how financial institutions operate. At the same time the intensity and scale of cyber threats have escalated, and they are now capable of increasingly diverse and sophisticated attacks. With limited resources, it is increasingly difficult to effectively manage cyber security and discern which information assets (IAs) need protection. Updated regulations demand effective methodologies for identifying and classifying IAs. Current methods, however, without tailoring to the financial sector’s specific needs, often neglect IA evaluation, are one-dimensional, struggle with large inventories and focus solely on technical aspects. We present a systematic, reliable, holistic and user-friendly adaptive model specifically designed for assessing IAs and their cyber risk in the financial and banking sector. Through a detailed case study involving the application of our model to a substantial asset repository (N = 798), we demonstrate a powerful reduction mechanism. Post application, only 13% of IAs out of the total inventory were classified as high or very high risk. This approach effectively identifies IAs that necessitate resource allocation for significantly enhanced resilience against cyber attacks, underscoring the model’s efficiency and practicality in prioritizing cyber security efforts. It thus contributes to the wider benefit of society by safeguarding sensitive financial data, which is essential for both individual security and economic stability.