Why banks need to unify technology, risk, and security

  • Financial Services
  • Michael Murphy
  • Solutions
  • 2023
16 August 2023

technology risk: smiling woman on couch holding a credit card, looking at a laptop

In today’s dynamic banking environment, effective management of technology risk is paramount. The rapid adoption of new digital tools and solutions is exposing banks to a battery of technology threats that can bring down their operations.

These growing risks range from cyberattacks and fraud to internal software failures and system misconfigurations—and they have CEOs on alert. According to a survey of 750 global banking executives conducted by ServiceNow and ThoughtLab, seven out of 10 CEOs say technology risk is the biggest danger to their bank. And 64% of CEOs expect technology risk to increase over the next two years.

On top of that, regulators are demanding increased accountability from boards of directors and senior executives. Four out of 10 banks ensure the board and senior management oversee technology risk management. That number is expected to rise in two years’ time.

The need for better technology risk management

Accelerating digital innovation is driving the need to improve risk management and resilience. About a quarter of C-suite executives—and more than a third of chief operating officers—say worries about introducing technology risks are preventing their firms from innovating.

Another 23% of C-suite executives—and 27% of chief information officers—think their innovations create risks because they don’t involve IT, risk, and security teams early enough in the process. Nearly half of executives believe these functions must work well together to successfully manage tech risk.

Internal forces matter just as much as, if not more than, external ones. Hackers and nefarious actors cause only 6% of all failures at major banks, according to The Financial Brand.

Most major incidents result from events that can be controlled from within, such as deficient software, inadequate change processes, deployment issues and human errors. This reality accentuates the need for cross-team collaboration, bringing together experts in technology risks, human risks, process risks, etc.

The impact of siloed teams and data

Although most banks have systems, technologies, and processes to manage risks, the systems often operate as point solutions that amplify silos across people, processes, and data. In fact, siloed data and tools are the top technical challenge risk teams at banks face when seeking to improve technology risk management, according to the ServiceNow/ThoughtLab research.

With disconnected teams and data, it’s a Herculean effort to ensure technology and security teams are properly managing risks throughout the technology life cycle and operating in a compliant manner. This fragmentation often prevents chief risk officers, information security officers and technology leaders from having an accurate and current view of risk levels, control effectiveness and issue remediation.

Even for banks at a high level of risk maturity, 40% believe IT, cybersecurity, and risk executives have only partial visibility across IT infrastructure, security systems and business processes.

IT and cybersecurity departments have been isolated in the past, but we have learned that we need to coordinate with other groups. -Global Head, Crisis Mgmt., Cyber, and Technology Risk, A Top-Tier French Universal Bank


Communication and coordination for best results

Unifying technology, security, and risk organisations is an important step on the journey to becoming a leader in risk management and resilience—and innovating and growing.

In fact, 62% of leaders in technology risk and resilience plan to ensure IT, risk, and cybersecurity teams work together more closely over the next two years. The right organisation and culture across these teams can create a “defensive triad” that solidifies the connective tissue behind a confident risk posture.

“IT and cybersecurity departments have been isolated in the past, but we have learned that we need to coordinate with other groups,” noted a global head of crisis management, cyber, and technology risk at a top-tier French universal bank. “We might be able to solve technical issues, but not the tactical or strategic ones. We are working to break down the silos.”

IT and cybersecurity teams realise they must work with each other and with a range of decision-makers from the business, including the CEO, senior managers, and operational and financial risk managers. To improve coordination, more than a quarter of leaders have expanded the role of the chief risk officer to include IT risk, a percentage that is expected to grow to 36% in two years.

Intelligent orchestration and monitoring


Integrated risk platforms provide banks with a full view of cyber, technology, enterprise and operational risks, as well as a common set of tools to manage them.

Over the next two years, nearly all leaders in technology risk management—and three-quarters of less mature organisations—will use an integrated risk platform, according to the research. This will be essential for banks as they strive to incorporate technology risk into their overall risk frameworks and take a more holistic risk approach.

When risk, security, and technology teams work together to intelligently orchestrate and monitor processes on one platform, banks can:

  • Improve risk posture: Financial institutions can identify and respond to risks fast. Teams can address risks and threats before they become breaches or audit findings. By continuously monitoring technology and security controls, firms can reduce the number of high-priority issues, leading to a strong risk and compliance posture.
  • Bolster security: Modernising your security operations can optimise resilience, productivity and costs. This is possible with a rationalised environment that spans all departments.
  • Reduce costs: Automation built into every aspect of risk and compliance management can greatly reduce manual efforts and the potential for operational losses due to regulatory fines, audit findings or risk failures.
  • Accelerate innovation: With unified technology systems and processes, business leaders and tech leaders can innovate more rapidly across the business while mitigating risk.

Gain more insights in the full research report: Conquering technology risk in banking.

© 2023 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.


  • Vancouver release: Put AI to work with the Now Platform
    Now Platform
    Meet the Now Platform Vancouver release: GenAI, security, and agility
    The Now Platform Vancouver release delivers innovation and GenAI, security, and agility solutions to maximise efficiency, optimise processes, and reduce costs.
  • manufacturing production: 2 workers in hard hats looking at a piece of machinery
    Protecting manufacturing production in turbulent times
    With rising budget requirements, inflation, cyber risks, and supply chain disruption, how can manufacturing production operate continuously? Find out.
  •  Fabio Spoletini, the new ServiceNow VP for EMEA South
    Meet Fabio Spoletini, the new ServiceNow VP for EMEA South
    We caught up with Fabio to discuss his time at ServiceNow, the key challenges he wants to address, and his goals for the region going forward.

Trends & Research

  • ESG technology: green surrounding a river, woman smiling, 2 government employees in conversation
    Cybersecurity and Risk
    Survey says ESG technology drives results
  • Digital innovation: three workers looking at a computer monitor.
    AI and Automation
    Survey says digital innovation is the way to navigate macro uncertainty
  • COVID-19 has prompted creative solutions to keep the enterprise running
    Employee Experience
    COVID-19 has prompted creative solutions to keep the enterprise running