Guest blog: Building a Cybersecurity Program fit for your building society

Guest blog by Josh Davies, Product Manager, Alert Logic. This article was first published in Society Matters magazine.

Guest blog by Josh Davies, Product Manager, Alert Logic

This article was first published in Society Matters magazine.

At this year's Building Societies Conference, I spoke about emerging threats and how to combat them. Cybersecurity events have skyrocketed in recent years, both as organisations have slowly deployed new digital technologies across their businesses and as companies have transitioned to hybrid work models following the pandemic.

The importance of an effective cybersecurity program

Emerging digital workplaces opened attack vectors that hackers have exploited, making a robust cybersecurity program essential. A cybersecurity program makes organisations more resilient, enabling you to protect your reputation, conduct proper risk assessment and ensure regulatory compliance.

A cybersecurity program combines security controls, procedures, teams and remedial plans to reduce cybersecurity risk and recover data following an attack.

Why implement a cybersecurity program?

  • Protect your reputation: Business reputations in the digital economy depend on an organisation’s ability to protect the personal data of customers. A strong cybersecurity program, demonstrates that customers’ personal data is taken seriously, building trust.
  • Stay compliant: Regulatory agencies are responding to the cybersecurity threat by introducing and refining compliance regulations. An effective security program includes controls ensuring adherence to regulations, helping organisations avoid costly non-compliance investigations and fees.
  • Coordinate cybersecurity efforts:  An organisation’s cybersecurity strategy may be fragmented across departments, leaving gaps in their security posture for hackers to exploit. A cohesive cybersecurity program ensures standardised alert detection, threat analysis and incident response across the organisation.
  • Mitigate third-party risk: Outsourcing operations to third-party vendors exposes firms to risk, which can be more difficult to identify and protect against. A well-developed cybersecurity program includes third-party security protocols and ensures third parties have adequate controls to protect the organisation’s sensitive data and mitigate risk.

Four cybersecurity program essentials

There are numerous ways to create an effective cybersecurity program, and security controls should address specific requirements of the organisation, but there are some essential elements:

Business and data recovery plan 

Organisations require plans to recover data and ensure business operations quickly return to normal. Organisations should keep regular data backups — preferably stored off-site — to mitigate data loss from an attack.

Cybersecurity training 

People are an organisation’s most important asset but pose a cybersecurity risk, as hackers often exploit mistakes to penetrate systems. Ongoing training sessions with employees on best practices ensure they are doing everything possible to protect account information.

Relevant performance metrics 

It is important there are procedures to measure the impact and success of the cybersecurity program. Track metrics like mean time to detect (MTTD), intrusion attempts and mean time to contain (MTTC) to quantify performance.

Ongoing monitoring

Organisations need to stay abreast of emerging threats and constantly test their own security systems to better understand where new vulnerabilities exist.

Steps to building a cybersecurity program

Here are the basic steps to craft a cybersecurity program:

  1. Outline a cybersecurity vision:  Detail a vision that places the proposed cybersecurity program inside the broader digital journey of the organisation.
  2. Conduct a risk assessment: Identify malicious actors interested in penetrating your systems and stealing critical data. These could be amateur black-hat hackers or cyberterrorists.
  3. Identify relevant compliance regulations: These vary by industry, so it’s critical organisations understand relevant regulations and build controls that ensure compliance.
  4. Place proper controls:  Identify the tools, procedures, personnel and software for the cybersecurity program you envision.
  5. Conduct ongoing gap analyses: Regularly test technological solutions, governance procedures and security personnel to ensure cybersecurity policies are properly implemented and identify gaps.

For more information: Visit www.alertlogic.com to learn more.


The views, opinions and positions expressed within guest blogs are those of the authors and do not necessarily represent those of the BSA.

You may also be interested in...

BSA Card
  • BSA.Event Event
  • Prudential Regulation

Treasury management training for credit unions

The objective of the course is to introduce participants to the role of Treasury, providing an introduction to financial markets, yield curves and how...

BSA Card
  • BSA.Event Event
  • Audit & Taxation

Risk, regulatory, audit and accounting seminar

After a successful in-person event in 2024, and responding to delegate feedback, this year's annual update will once again take place in Birmingham. ...

BSA Card
  • BSA.PressRelease Press Release
  • Prudential Regulation

BSA responds to Bank of England announcements

Responding to today's announcement from the Bank of England, Ruth Doubleday, Head of Prudential Regulation at the BSA said: "The BSA welcomes the c...

BSA Card
  • BSA.Event Event
  • Thought leadership

Navigating Uncertainty: Omnichannel Customer Communications That Build Trust in Financial Services

A free webinar hosted by BSA Associate, Quadient We’re excited to invite you to our upcoming thought leadership webinar: "Navigating Uncertaint...

BSA Card
  • BSA.PressRelease Press Release
  • Savings

Open letter to the Chancellor to save Cash ISAs

Open letter to the Chancellor highlighting the importance of retaining the Cash ISA limit

BSA Card
  • BSA.PressRelease Press Release
  • Savings

BSA comments on the news that reform of Cash ISAs on hold

The BSA welcomes the announcement

BSA Card
  • BSA.Event Event
  • Prudential Regulation

Treasury risk and balance sheet management

Due to popular demand, we now offer three tiers of treasury management training for BSA Members, Associates and Non-members. The courses will be repea...

BSA Card
  • BSA.Event Event
  • People

Women's Leadership Programme - "The Becoming Journey®"

Taking place between 12 Sept. - 3 Dec. 2025

BSA Card
  • BSA.PressRelease Press Release
  • Mortgages & Housing

PRA announces review of the Loan to Income flow limit rule

The Building Societies Association (BSA) welcomes news that the PRA is reviewing the Loan to Income (LTI) flow limit rule