You only need to take a quick look at news headlines on any given week to understand that no industry is safe from cyber attacks. But while it’s true that attacks and data breaches proliferate across sectors, the impact of cyber attacks isn’t equally spread. When you look at the numbers, organizations in the financial services sector are taking the biggest hit, but they’re also hard at work trying to get a hold on the situation.
Let’s look at some numbers to understand the scope of the problem:
- Financial services firms suffer from cyber attacks 300 times more than businesses in other industries.
- The rate of cyber attacks against financial services firms has tripled over the last five years.
- It costs these firms more money to address and contain a cyber attack than businesses in other industries: roughly $18 million per firm, versus $12 million per firm in other industries.
- Business disruption and information loss account for roughly 87 percent of cybercrime response costs for financial services firms.
If you work in or alongside financial services firms, these statistics may not surprise you. Financial institutions are a natural target for cybercrime, thanks to the nature of data that these organizations receive, store, and transfer on a daily basis. But even though the rate of attacks may seem logical, not every financial services firm has a firm grasp on protecting their businesses and customers from malicious or negligent actors.
If we look at the numbers again, we’ll see some eye-opening statistics. For example, less than a third of financial services firms use advanced analytics in their cybersecurity initiatives, and only a quarter of firms have deployed AI security technologies. Research also estimates that 66 percent of firms are not confident in their business’s ability to recover from a cyber attack.
So what is actually being done by these firms to get the cybersecurity giant under control? A recent study by Deloitte gave us a much better understanding of what a financial services firm’s cybersecurity profile looks like. Here are some key takeaways:
- On the board and management committee level, almost all companies are interested in their organization’s cybersecurity strategy.
- Two-thirds of large financial services companies have a fully centralized cybersecurity function.
- Companies that don’t have mature security programs are looking for help outside, most often in the form of “red team” operations.
- At large companies, cyber risk management budgets range from 5 percent to 20 percent of the total IT budget, averaging out at about 12 percent.
- Budget allocation spans various domains, with most spending on cyber monitoring and operations (21 percent), endpoint network security (15 percent), and cybersecurity governance and cyber resilience (both 12 percent).
The central challenge that financial services organizations face is one that isn’t exclusive to their industry: resources. Unfortunately, a lack of financial and human resources is one of the biggest obstacles to being proactive about security. So while executives and security pros alike may understand the scope of the problem, not every company is in a position to dedicate 20 percent of its IT budget (or more) to security.
So, what does that mean for the organizations? It means doing more with what you have. And this is a conversation we often have with our financial services customers and prospects out in the field. When you don’t have infinite money to spend on ripping and replacing your existing solutions, nor the flexibility to hire a security team of 100 professionals, you have to choose your technology partners carefully. At Interset, this is our objective: to deliver powerful behavioral analytics that can take the burden off your security team and augment your existing technologies.
If you’re a financial services security professional, we’d love to chat more with you.
Alan Harrington works in Global Business Development at Interset.