Data as a Defence (DaaD) Big Data and AI: Delivering Systemic Cyber Resilience

We live in a more complicated and interwoven world. The risk of a systemic event is becoming more likely; AI, economic events, geopolitics and the proliferation of cyber attacks mean that it's not a question of if we see a systemic event, but when.

The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

The Current Landscape - Now or Never

The list of risks is many, and to quote Jamie Dimon "Now may be the most dangerous time the world has seen in decades”, bank executives across the United States are “climbing the wall of worry”.

Yet, geopolitical events ebb and flow, and whilst important, the world consensus is (in the most part) to work together to defuse incidents so they subside and their risk is contained. 

Economic factors are a perpetual cycle of growth, recession, boom and bust that a business should be familiar with; having the appropriate economic levers, experience and controls to navigate. 

AI is not an event; the world will not act together to contain it, yet AI directly feeds into these external risk factors. Its rapid development, commoditisation and proliferation will see it settle in the hands of those that choose to operate outside the controls of the global regulatory system. On the contrary, bad actors (state sponsored and private) will utilise AI with the specific objective of weaponising the technology. The state and private sector will accelerate AI investment for fear of losing competitive ground and to gain the rewards that will come with the AI industrial revolution. 

Regulation will struggle to keep pace with AI and the pending acceleration in innovation.  AI’s power will grow, cyber “incidents” will become “existential events” for some, with the potential to become “systemic events” for all. 

Recognising the Risk

UK Finance surveyed their members to ask what assets they had mapped for the purpose of Op Res policy compliance. The results lead us to question, can firms see all their estate as they increase mapping sophistication?

With technology dependencies in your organisation have you mapped in the first year?

Siloed asset data has limited cyber value. FI’s understand this, so to resolve this problem they build asset inventories, relationship mapping, prioritisation and enterprise data in spreadsheets. Yet Excel is not designed for enterprise scale cyber defences. Spreadsheets deliver a partial snapshot and moment in time view of an organisation's data. 

UK Finance Discussion point: Mapping and Tooling

Spreadsheets are no defence against a weaponised AI. Hence big data + AI is key in forming a larger contextual picture of your estate. 

Call to Action

Large, connected, global data sets are infinitely more powerful than an asset data point in Excel. However, big data sets are still constrained by people, low grade IT and siloed applications. AI mitigates these shortcomings, empowers FIs and deploys always-on cyber defences. Big connected data plus AI helps us create globally defined known-good behaviours, automate identification of vulnerabilities, prioritise threats that are relevant to each organisation, then empower cyber teams with complete, accurate and real time data.

Data has value. Connected data exponentially more so. Connected big data and AI equals the power to defend.

A global AI powered Cyber Exposure Management platform, built on the world’s largest asset AI engine of 3.5Bn assets and ~20 per cent of the internet is the answer to both the internal cyber and external regulatory pressures being felt by the Financial Services industry.

Please find the following paper attached to explore how: 

Big Data and Artificial Intelligence: Delivering Systemic Cyber Resilience in Financial Institutions 

Register to our webinar Data as a Defence: Clean Data for Cyber, AI and Operational Resilience Regulatory Risk to hear more about these challenges.