Article contents
Risk Assessment of Cyber Security in the Banking Sector
Abstract
This research investigates cyber security risk assessment practices in the banking sector, examining current methodologies, implementation challenges, and effectiveness in addressing evolving threats. Using a mixed-methods approach combining survey data from 128 financial institutions across 17 countries, in-depth case studies of six banks, and regulatory document analysis, the study offers a comprehensive evaluation of assessment maturity and outcomes. Findings reveal significant variations in implementation across different institution sizes, with large banks demonstrating consistently higher maturity across all assessment domains. Vulnerability assessment procedures show the strongest implementation (mean=3.87/5.0), while impact evaluation methodologies demonstrate lower maturity (mean=3.21/5.0). Statistical analysis confirms moderate to strong correlations between assessment maturity and improved security outcomes, including reduced incident detection times (r=-0.61) and lower financial losses (r=-0.59). Qualitative insights highlight persistent challenges in quantifying potential impacts, integrating third-party risks, and effectively utilizing threat intelligence. Based on empirical evidence, an enhanced assessment framework was developed incorporating business-aligned threat modeling, dynamic risk indicators, improved quantification methods, and supply chain risk integration. This research contributes to both theoretical understanding and practical implementation of financial sector security risk assessment, providing foundational knowledge for developing more resilient security postures in an environment of increasingly sophisticated cyber threats and complex digital ecosystems.
Article information
Journal
Journal of Business and Management Studies
Volume (Issue)
7 (4)
Pages
208-218
Published
Copyright
Open access

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.