Why banks need to unify technology, risk, and security

  • Financial Services
  • Michael Murphy
  • Solutions
  • 2023
June 20, 2023

technology risk: smiling woman on couch holding a credit card, looking at a laptop

In today's dynamic banking environment, effective management of technology risk is paramount. The rapid adoption of new digital tools and solutions is exposing banks to a battery of technology threats that can bring down their operations.

These growing risks range from cyberattacks and fraud to internal software failures and system misconfigurations—and they have CEOs on alert. According to a survey of 750 global banking executives conducted by ServiceNow and ThoughtLab, seven out of 10 CEOs say technology risk is the biggest danger to their bank. And 64% of CEOs expect technology risk to increase over the next two years.

On top of that, regulators are demanding increased accountability from boards of directors and senior executives. Four out of 10 banks ensure the board and senior management oversee technology risk management. That number is expected to rise in two years’ time.

The need for better technology risk management

Accelerating digital innovation is driving the need to improve risk management and resilience. About a quarter of C-suite executives—and more than a third of chief operating officers—say worries about introducing technology risks are preventing their firms from innovating.

Another 23% of C-suite executives—and 27% of chief information officers—think their innovations create risks because they don’t involve IT, risk, and security teams early enough in the process. Nearly half of executives believe these functions must work well together to successfully manage tech risk.

Internal forces matter just as much as, if not more than, external ones. Hackers and nefarious actors cause only 6% of all failures at major banks, according to The Financial Brand.

Most major incidents result from events that can be controlled from within, such as deficient software, inadequate change processes, deployment issues, and human errors. This reality accentuates the need for cross-team collaboration, bringing together experts in technology risks, human risks, process risks, etc.

The impact of siloed teams and data

Although most banks have systems, technologies, and processes to manage risks, the systems often operate as point solutions that amplify silos across people, processes, and data. In fact, siloed data and tools is the top technical challenge risk teams at banks face when seeking to improve technology risk management, according to the ServiceNow/ThoughtLab research.

With disconnected teams and data, it’s a herculean effort to ensure technology and security teams are properly managing risks throughout the technology lifecycle and operating in a compliant manner. This fragmentation often prevents chief risk officers, information security officers, and technology leaders from having an accurate and current view of risk levels, control effectiveness, and issue remediation.

Even for banks at a high level of risk maturity, 40% believe IT, cybersecurity, and risk executives have only partial visibility across IT infrastructure, security systems, and business processes.


IT and cybersecurity departments have been isolated in the past, but we have learned that we need to coordinate with other groups. -Global Head, Crisis Mgmt., Cyber, and Technology Risk, A Top-Tier French Universal Bank

Communication and coordination for best results

Unifying technology, security, and risk organizations is an important step on the journey to becoming a leader in risk management and resilience—and innovating and growing.

In fact, 62% of leaders in technology risk and resilience plan to ensure IT, risk, and cybersecurity teams work together more closely over the next two years. The right organization and culture across these teams can create a “defensive triad” that solidifies the connective tissue behind a confident risk posture.

“IT and cybersecurity departments have been isolated in the past, but we have learned that we need to coordinate with other groups,” noted a global head of crisis management, cyber, and technology risk at a top-tier French universal bank. “We might be able to solve technical issues, but not the tactical or strategic ones. We are working to break down the silos.”

IT and cybersecurity teams realize they must work with each other and with a range of decision-makers from the business, including the CEO, senior managers, and operational and financial risk managers. To improve coordination, more than a quarter of leaders have expanded the role of the chief risk officer to include IT risk, a percentage that is expected to grow to 36% in two years.

Intelligent orchestration and monitoring

Integrated risk platforms provide banks with a full view of cyber, technology, enterprise, and operational risks, as well as a common set of tools to manage them.

Over the next two years, nearly all leaders in technology risk management—and three-quarters of less mature organizations—will use an integrated risk platform, according to the research. This will be essential for banks as they strive to incorporate technology risk into their overall risk frameworks and take a more holistic risk approach.

When risk, security, and technology teams work together to intelligently orchestrate and monitor processes on one platform, banks can:

  • Improve risk posture: Financial institutions can identify and respond to risks fast. Teams can address risks and threats before they become breaches or audit findings. By continuously monitoring technology and security controls, firms can reduce the number of high-priority issues, leading to a strong risk and compliance posture.  

  • Bolster security: Modernizing your security operations can optimize resilience, productivity, and costs. This is possible with a rationalized environment that spans all departments. 

  • Reduce costs: Automation built into every aspect of risk and compliance management can greatly reduce manual efforts and the potential for operational losses due to regulatory fines, audit findings, or risk failures.  

  • Accelerate innovation: With unified technology systems and processes, business leaders and tech leaders can innovate more rapidly across the business while mitigating risk.

Gain more insights in the full research report: Conquering technology risk in banking.

© 2023 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.


  • Health and safety: 2 workers in hard hats examining a facility
    Crisis Management
    ServiceNow acquires Enable tech to improve health and safety management
    ServiceNow-acquired Enable technology—native to the Now Platform—will help accelerate and scale existing health and safety solutions. Learn more.
  • Humans in the loop: woman holding phone against neon-lit background
    AI and Automation
    Put humans in the loop to generate real value from generative AI
    Generative AI has shaken up the business and tech world, but the best tech involves incorporating humans in the loop to address challenges. Find out why.
  • Work-study program student Jasmine M. with ServiceNow employee Albert O.
    Work-study program offers high schoolers a start in tech
    We’ve partnered with Cristo Rey San Jose Jesuit High School’s Corporate Work Study Program since 2020 to empower students from underserved communities.

Trends & Research

  • RPA: group of workers gathered around a conference table looking at a laptop
    AI and Automation
    Forrester report: ServiceNow debuts as a Strong Performer in RPA
  • #1 in ITSM, AIOps and IT Operations Market Share: Organizations around the world count on ServiceNow in times of change.
    IT Management
    ServiceNow is No. 1 for AIOps, IT operations, and IT service management categories by market share
  • ESG technology: green surrounding a river, woman smiling, 2 government employees in conversation
    Cybersecurity and Risk
    Survey says ESG technology drives results