Industry reports suggest that hackers target financial service firms 300% more often than any other sector – and that this will not change.
Cybercrime has jumped to the second most reported economic crime in PWC’s Global Economic Crime Survey and financial institutions are prime targets. As cybercriminals find new ways to attack, breach, and exploit organizations, threat patterns such as phishing, spear-phishing, and social engineering evolve and become more sophisticated. Financial organizations need solutions that assess vulnerabilities and their vendor’s vulnerabilities in real-time. Cybersecurity departments for financial organizations face compounding challenges. Threats from cybercrime have increased and legacy IT systems are increasingly becoming a risk factor, especially in the financial industry. Many financial organizations rely on legacy IT systems that are expensive to maintain, prone to more unpatched vulnerabilities and the general challenges of software integration and architecture upgrading compound when mergers and acquisitions are in place. As banks continue to grow through acquisition, legacy systems from the acquired organization—and the vulnerabilities that come with them—can remain in place for years.
- U.S.regulators have increased the visibility of cybercrime by requiring cyber incidents which have had a material impact to be disclosed in registered public company filings. Several large FS organizations have thus been prompted to disclose within their 10K filings with the SEC that they have been targeted by cyber attacks.
- Financial Service Firms need to educate employees at all levels (from C-suite to junior management) about cyber threats – cybercrime is not just the domain of the IT/ network security function. There are different types of cybercrime, from hacktivism to data theft, which affects different functions of the bank in varying ways.
- There is a stark disconnect in the perception of cybercrime risk within Financial Service organizations. Internal audit, compliance, and risk functions thought it was more likely than unlikely that their organizations would experience cybercrime whilst the opposite was true for finance and executive management. At the same time, cyber insecurity is seen as a key threat by CEOs – results from PwC’s 17th Global CEO Survey show that more than 70% of Banking & Capital Markets CEOs see cyber insecurity as a threat to growth, more than any other sector.