Finance

Industry reports suggest that hackers target financial service firms 300% more often than any other sector – and that this will not change.

 

Cybercrime has jumped to the second most reported economic crime in PwC’s Global Economic Crime Survey, and financial institutions are prime targets. As cybercriminals find new ways to attack, breach, and exploit organizations, threat patterns such as phishing, spear-phishing, and social engineering evolve and become more sophisticated. Financial organizations need solutions that assess their own vulnerabilities and their vendors’ vulnerabilities in real time. Cybersecurity departments at financial organizations face compounding challenges: threats from cybercrime have increased, and legacy IT systems are increasingly becoming a risk factor, especially in the financial industry. Many financial organizations rely on legacy IT systems that are expensive to maintain and prone to more unpatched vulnerabilities, and the general challenges of software integration and architecture upgrades compound when mergers and acquisitions take place. As banks continue to grow through acquisition, legacy systems from the acquired organization—and the vulnerabilities that come with them—can remain in place for years.

  • U.S. regulators have increased the visibility of cybercrime by requiring cyber incidents that have had a material impact to be disclosed in registered public company filings. Several large FS organizations have thus been prompted to disclose within their 10-K filings with the SEC that they have been targeted by cyber attacks.
  • Financial service firms need to educate employees at all levels (from C-suite to junior management) about cyber threats – cybercrime is not just the domain of the IT/network security function. There are different types of cybercrime, from hacktivism to data theft, which affect different functions of the bank in varying ways.
  • There is a stark disconnect in the perception of cybercrime risk within financial service organizations. Internal audit, compliance, and risk functions thought it was more likely than unlikely that their organizations would experience cybercrime, whilst the opposite was true for finance and executive management. At the same time, cyber insecurity is seen as a key threat by CEOs – results from PwC’s 17th Global CEO Survey show that more than 70% of Banking & Capital Markets CEOs see cyber insecurity as a threat to growth, more than any other sector.

Today’s incidents, yesterday’s strategies – As the digital channel in financial services continues to evolve, cybersecurity has become a business risk, rather than simply a technical risk.

``The Annual Global State of Information Security® Survey``, PwC, CIO magazine, & CSO magazine

Understandably, at numerous banks and financial institutions, chief risk officers have identified cyber-threats as their top priority for 2017. This issue has been moved to the forefront of bank-board meeting agendas, and senior managers must act fast to mitigate these growing threats to banks. Technological skill and access to resources for attackers have been growing at a faster pace than the defence-mechanism efforts have been enacted by banks. This needs to be tackled head-on, now.

``2017: How Will Banks Address Gaps In Cybersecurity?``, International Banker

Thinking of cyber security solely as an IT issue is like believing a company's entire workforce, from the CEO down, is just one big HR issue.

Steven Chabinsky, Global Chair of Data Privacy & Cyber Security, White & Case LLP