Other than reviewing the Inherent Risk Assessment (IRA), factor analysis has been performed to statistically categorize certain internal factors and related risks, including payment provision risk, banking services risk, cyber threat risk, and attack variety risk. Surprisingly, the former two factors hold higher risk levels than the latter ones. This provides an eye-opening perspective to improve banks’ monitoring strategies and network security.
What’s more, the analysis also indicated that banks with high-risk scores are often accompanied by advanced maturity scores in the maturity assessment (MA). Yet, most medium-risk banks fail to reach their target scores. Even though most banks excel in cybersecurity, third-party risk management and external connections continue to be the weakest links in the system.