Meet the expert: Daniel Garcia to speak at PrivSec London

Live at Parc Plaza, Riverbank in London on February 28 and March 1, PrivSec London gives global audiences the chance to learn more about Trust, Digital Transformation, Ethics, Data Protection, Privacy, Security and much more. 

The event will also provide a unique opportunity for industry professionals to network with peers and develop business relationships. 

Daniel Garcia is a Senior Risk professional with over 15 years’ experience. Daniel leverages in-depth knowledge of Financial and Non-Financial Risk Management, regulatory change, digital innovation, and cybersecurity across business and control functions.

Daniel will appear exclusively at PrivSec London to discuss strategies and tools that organisations should employ to mitigate cyber threats within third-party risk management.

We caught up with Daniel for more on his career so far, and for an introduction to the themes on the table at his PrivSec London session.

Could you outline your career pathway to date?

I’ve worked in financial services for over 15 years, in banks, asset management, investment banks, and family offices, as well as for consulting and market intelligence firms. For the past two years, I’ve been a leader in the governance, risk, and compliance practice, working in various regions including Europe and Asia. 

My focus has always been on risk management, both financial and non-financial, and I approach my work both as a corporate employee and a consultant, sharing my experiences and lessons learned with others in the industry.

Have there been changes in risk levels of cyber security due to third-party support and services in recent years. If so, why?

From my perspective, the increased interdependency between organisations and new technology has led to exponential growth in the risk of cyber attacks. 

The financial sector and other sectors are becoming increasingly reliant on technology and data, which has exposed vulnerabilities in infrastructure and networks. The sophistication of cyber attacks has also been increasing, as evidenced by new tactics and techniques used during the pandemic. 

The government, industry, and regulators are taking steps to address these challenges, such as establishing the operational resilience framework, which sets principles and guidelines to mitigate risk. 

However, due to the interconnectedness of the supply chain, the risk of a ripple effect from a cyber attack remains high. The financial sector is establishing frameworks to control and mitigate these risks, but the level of sophistication behind cyber attacks is also increasing, moving beyond simple phishing emails to more complex methods of information gathering and system penetration.

What hurdles do organisations face as the bid to put together more robust risk management strategies for employing third parties?

Organisations face challenges in creating robust risk management strategies for employing third parties. The first challenge is to shift from a compliance-based approach to a more dynamic and integrated approach.

Organisations need to understand their dependencies on their suppliers, especially for critical services and how potential risks can impact their operations and services to clients. Currently, many firms view third parties as mere providers and not as business partners, resulting in a siloed approach.

They also have a siloed view of technology, failing to connect the dots between business, service and risk. Additionally, the focus is still on traditional risk management methods like self-assessment, rather than a forward-looking and proactive approach. 

To overcome these challenges, organisations need to adopt a holistic risk management approach that integrates technology, people, and a clear understanding of their capabilities and risks.