Two-thirds of financial institutions responding to a MetricStream Research survey experienced a cyberattack in the past year. The survey queried “C-level information security professionals” associated with 60 global financial services firms of various sizes and segments, including banking, insurance, asset management, diversified financials, investment services and foreign exchange services.
The survey suggested that insider threats continue to play a prominent role in the financial cybersecurity landscape. In fact, 48.5 percent of respondents reported that most cyberattacks were enabled by employees.
Cybercriminals love to target the financial industry because, quite simply, that’s where the money is. In response to this persistent threat, 91.2 percent of survey participants reported formally introducing cybersecurity into their enterprise risk management (ERM) program.
The specifics of the cybersecurity components in those ERM programs may need to change over time. The financial industry has its own particular security risks and regulatory frameworks to respond to them. Any security best practices evolve over time. so it’s a good idea to review them regularly as they apply to the institution.
For example, any evaluation of the risk management program should consider current information about the various threats that security professionals might find when they remediate an attack. It’s critical to know specifically what works and what doesn’t with respect to the institution’s situation.
You don’t have to do all the heavy lifting in-house. Unsurprisingly, 70.6 percent of respondents reported that third parties played a role in their ongoing security efforts.
Security-as-a-service may be a very useful specialization for some organizations. Rather than being forced by necessity to build its own in-house expertise, a company can simply buy it as a package from a vendor and rely on round-the-clock servicing to protect their assets. They might need it, too: 55.9 percent of respondents reported an increase in attacks from previous years, while just 2.9 percent said that threats were decreasing.
Almost all agree that financial cybersecurity is a necessity in today’s world, but how those affected organizations go about achieving security is up in the air. Leveraging outside expertise and running risk management programs are only the tip of the iceberg.