The financial sector is facing a paradox: We have more tools, stricter policies, and higher compliance standards than ever before, yet the human element remains the most significant variable in the risk equation.
In our latest edition of Zepo Talks, our Global Head of Sales, Chris Carr, sat down with Myriam Hofri, CEO and former COO in financial services with over 20 years of experience. Together, they unpacked the reality of financial awareness in action.
Here is a breakdown of the critical insights from their conversation on building resilient, risk-ready organizations.
- Awareness is Integrity
A recurring theme in cybersecurity training is the “tick-box” mentality. However, Myriam Hofri offers a more profound definition of awareness: “Behaving in the right way when no one is looking.”
Psychological safety is a prerequisite for a Speak Up, Listen Up culture.
In the age of AI and automation, technical safeguards are the baseline, but they are not the cure. You can have the most robust data-driven technology, but if the human sitting at the center is not educated or motivated, the organization remains exposed. The shift in financial services is moving from hiring purely for skill sets to hiring for mindset and morality.
- The Problem with “Static” Risk Frameworks
One of the most compelling points raised during the webinar was the obsolescence of static risk tools.
Many financial institutions rely on the RCSA (Risk Control Self-Assessment) process, which is typically performed annually. Myriam argues that in a world where cyber threats evolve weekly, a yearly review is insufficient.
The Reality: by the time you review a risk assessment a year later, the market has moved, the client base has changed, and the threat landscape has shifted.
The Solution: we need dynamic risk frameworks. Tools must be agile enough to integrate new risk taxonomies immediately—not in six-month release cycles.
- The Leadership Knowledge Gap
Cyber risk is often viewed as an IT problem, but it is fundamentally a business integrity issue. A startling observation from the discussion is the lack of cyber training at the board level.
“I am still baffled by the lack of training that board members will have when it comes to cyber risk… It’s not even a topic that is being discussed at a board level.” shared Myriam.
To build a positive cyber culture, the “tone from the top” is essential. Senior management must have the bandwidth and the mandate to engage in continuous learning regarding emerging AI and cyber threats.
- Hiring for Critical Thinking in the AI Era
As AI takes over process-driven tasks, the human role in financial services is shifting toward critical analysis. Myriam suggests that the most resilient teams are those built with cognitive diversity.
We need to hire individuals who are not afraid to challenge the status quo and raise concerns. However, this requires organizations to provide a “safe space”, psychological safety is a prerequisite for a Speak Up, Listen Up culture.
If you are a CISO, a Risk Manager, or a Leader in the Financial sector, this conversation is a blueprint for the future of human risk management.
How do you incentivize risk awareness? Should compensation be linked to cyber behavior? Myriam and Chris dive deep into these questions and more.
