Enhancing cybersecurity by reducing complexity for an entire industry

The financial services sector has a more detailed appreciation of risk and compliance than many other industries, and in a strictly regulated environment, it is critical that companies stay abreast of regulatory and technological developments.

The Challenge


Across the industry, financial institutions and insurance companies were diverting critical human and financial resources away from preventing cyber threats in order to manage burdensome compliance requirements.


This complicated regulatory environment resulted in inefficiencies, lost time, and substantial financial impacts for financial institutions. According to the Banking Policy Institute, one chief information security officer indicated that his team lost 40% of their time reconciling various cybersecurity and regulatory frameworks.


BCG Platinion was brought in by a global coalition of 150 companies to develop the architecture of a unified cybersecurity framework that would improve cybersecurity outcomes while reducing costs.

The Approach


Working with BITS, the technology division of the Banking Policy Institute, and a coalition of over 150 financial services institutions, BCG Platinion developed the Financial Sector Cybersecurity Framework Profile, which harmonizes and consolidates regulatory requirements.


The project began with exhaustive reviews and analyses of disparate regulations and frameworks to create a single harmonized taxonomy and lexicon. Based on these insights, BCG Platinion provided technical thought leadership to the industry to achieve critical business and cybersecurity objectives while reducing costs.


The process took 18 months and involved over 40 working sessions with more than 300 individual experts. Participating organizations ranged from community banks and credit unions to large multinational banking, investment, and insurance firms.

The Impact

  1. Created a flexible framework for companies of all sizes & complexities

  2. Saved financial institutions countless hours and compliance costs.

  3. Addressed 80% to 90% of regulatory requirements, providing regulatory evidence to be shared among multiple regulators

Looking at the Future


The profile now allows institutions and individual regulators to focus on the core elements of their cybersecurity risk-management missions. And it eliminates the need to “reinvent the wheel” for every new rule.


It is expected to address regulatory requirements at any given point in time, providing for a single set of regulatory evidence to be shared among multiple regulators. In this way, it frees regulators and companies to focus on the areas of the greatest priority and need.
