Guest blog: Building a Cybersecurity Program fit for your building society

Guest blog by Josh Davies, Product Manager, Alert Logic. This article was first published in Society Matters magazine.

Guest blog by Josh Davies, Product Manager, Alert Logic

This article was first published in Society Matters magazine.

At this year's Building Societies Conference, I spoke about emerging threats and how to combat them. Cybersecurity events have skyrocketed in recent years, both as organisations have slowly deployed new digital technologies across their businesses and as companies have transitioned to hybrid work models following the pandemic.

The importance of an effective cybersecurity program

Emerging digital workplaces opened attack vectors that hackers have exploited, making a robust cybersecurity program essential. A cybersecurity program makes organisations more resilient, enabling you to protect your reputation, conduct proper risk assessment and ensure regulatory compliance.

A cybersecurity program combines security controls, procedures, teams and remedial plans to reduce cybersecurity risk and recover data following an attack.

Why implement a cybersecurity program?

  • Protect your reputation: Business reputations in the digital economy depend on an organisation’s ability to protect the personal data of customers. A strong cybersecurity program, demonstrates that customers’ personal data is taken seriously, building trust.
  • Stay compliant: Regulatory agencies are responding to the cybersecurity threat by introducing and refining compliance regulations. An effective security program includes controls ensuring adherence to regulations, helping organisations avoid costly non-compliance investigations and fees.
  • Coordinate cybersecurity efforts:  An organisation’s cybersecurity strategy may be fragmented across departments, leaving gaps in their security posture for hackers to exploit. A cohesive cybersecurity program ensures standardised alert detection, threat analysis and incident response across the organisation.
  • Mitigate third-party risk: Outsourcing operations to third-party vendors exposes firms to risk, which can be more difficult to identify and protect against. A well-developed cybersecurity program includes third-party security protocols and ensures third parties have adequate controls to protect the organisation’s sensitive data and mitigate risk.

Four cybersecurity program essentials

There are numerous ways to create an effective cybersecurity program, and security controls should address specific requirements of the organisation, but there are some essential elements:

Business and data recovery plan 

Organisations require plans to recover data and ensure business operations quickly return to normal. Organisations should keep regular data backups — preferably stored off-site — to mitigate data loss from an attack.

Cybersecurity training 

People are an organisation’s most important asset but pose a cybersecurity risk, as hackers often exploit mistakes to penetrate systems. Ongoing training sessions with employees on best practices ensure they are doing everything possible to protect account information.

Relevant performance metrics 

It is important there are procedures to measure the impact and success of the cybersecurity program. Track metrics like mean time to detect (MTTD), intrusion attempts and mean time to contain (MTTC) to quantify performance.

Ongoing monitoring

Organisations need to stay abreast of emerging threats and constantly test their own security systems to better understand where new vulnerabilities exist.

Steps to building a cybersecurity program

Here are the basic steps to craft a cybersecurity program:

  1. Outline a cybersecurity vision:  Detail a vision that places the proposed cybersecurity program inside the broader digital journey of the organisation.
  2. Conduct a risk assessment: Identify malicious actors interested in penetrating your systems and stealing critical data. These could be amateur black-hat hackers or cyberterrorists.
  3. Identify relevant compliance regulations: These vary by industry, so it’s critical organisations understand relevant regulations and build controls that ensure compliance.
  4. Place proper controls:  Identify the tools, procedures, personnel and software for the cybersecurity program you envision.
  5. Conduct ongoing gap analyses: Regularly test technological solutions, governance procedures and security personnel to ensure cybersecurity policies are properly implemented and identify gaps.

For more information: Visit www.alertlogic.com to learn more.


The views, opinions and positions expressed within guest blogs are those of the authors and do not necessarily represent those of the BSA.

You may also be interested in...

BSA Card
  • BSA.Event Event
  • Mortgages & Housing

Shaping the Future of the Mortgage Market: Insights on DP25/2

Join PwC and the Building Societies Association for a timely discussion on the FCA’s recent Future of the Mortgage Market discussion paper (DP25/2). ...

BSA Card
  • BSA.IndustryResponse Industry Response
  • Conduct Risk & Regulation

BSA responds to FCA CP25/17 - Targeted Support

The BSA welcomes the opportunity to respond to this consultation, which gives a use case of consumers with significant savings held in cash, and some ...

BSA Card
  • BSA.Event Event
  • Audit & Taxation

What Labour’s Autumn 2025 Budget means for financial services

A free webinar hosted by BSA Associate, MHA With Chancellor Rachel Reeves set to unveil Labour’s Autumn 2025 Budget by early November, this promise...

BSA Card
  • BSA.Event Event
  • Audit & Taxation

HMRC 3rd party data reporting requirements

A free webinar hosted by BSA Associate, PwC We will provide an update on the 3rd party data consultation that was announced in the Spring Statement...

BSA Card
  • BSA.Event Event
  • Audit & Taxation

Risk, regulatory, audit and accounting seminar

After a successful in-person event in 2024, and responding to delegate feedback, this year's annual update will once again take place in Birmingham. ...

BSA Card
  • BSA.Event Event
  • Mortgages & Housing

Annual meet-up for mortgage professionals

The 2025 Annual Mortgage Meet-up will be taking place in London on Thursday 25th September. Exploring some of the biggest issues shaping the futu...

BSA Card
  • BSA.Event Event
  • Conduct Risk & Regulation

Secretaries seminar

The role of a society secretary can be very broad. Beyond the core duties of preparing for board meetings and AGM and minute taking, secretaries are i...