Cybersecurity Risk Management in the Finnish Financial Industry

Abstract

This thesis investigates how Finnish and European Union regulations influence cybersecurity risk management techniques within the financial sector. With technology continually evolving and cyber- related risks increasing, the study evaluates the effectiveness of regulations and identifies areas for improvement. The research consists of structured interviews with cybersecurity and risk management specialists from Finnish financial institutions to investigate how these organizations navigate regulation. The core research questions are focused on determining whether existing regulations effectively manage cybersecurity risks, as well as identifying areas for improvement in the current regulatory environment. Results from the study indicate that existing regulations are moderately effective but could benefit from updates to better address emerging cyber threats. More comprehensive regulatory measures are needed, especially in sectors that are currently underregulated, like mobile banking security. The thesis proposes changes in regulations to improve the effectiveness and adaptiveness of cybersecurity measures in the sector. These changes aim to ensure they can not only address current needs, but also prepare for future challenges.