Cybercrime is second only to asset misappropriation among economic crimes affecting companies in the financial services (FS) sector, a survey by PricewaterhouseCoopers (PwC) has revealed.
Cybercrime has risen in the past year and accounts for 38% of economic crime in this sector, compared with 16% in other sectors, according to PwC’s latest global economic crime survey.
FS organisations have historically taken significant steps to control and safeguard their customers’ data. The survey showed they are nevertheless concerned about the growing threat.
Half of the 3,800 FS respondents perceived the risk of cybercrime to have increased in the past 12 months, compared with 36% for other industries.
PwC said some of the developing technologies, such as using ‘apps’ to access banking services and mobile phones to make payments, are likely to increase, rather than decrease, these risks.
Financial sector faces higher risk of cyber attack
The FS sector remains attractive to criminals due to the nature of the industry, with 45% of FS respondents being hit by fraud in the past year, compared with just 30% in other industries.
Andrew Clark, forensic services partner at PwC, said cybercrime puts the FS sector’s customers, brand and reputation at significant risk.
"Regulators are increasingly viewing cybercrime as a key area of focus, and financial institutions are expected to have appropriate systems and controls in place to fight this growing threat," he said.
More than half of FS respondents said their greatest concern was reputational damage. The PwC financial services survey report noted that when a cybercrime incident occurs, the first few hours are crucial. "It is particularly important to react quickly and decisively, as the consequences of not doing so can be severe in terms of both financial and non-financial damage," the report said.
"To our surprise, only 18% of FS respondents said they had in place all five incident response measures specified in our survey," said Clark.
The survey also found that nearly a third of staff in FS organisations have not received any cybersecurity-related training.
Some FS organisations are complacent about the risks that cybercrime poses, said Clark, in spite of serious concerns about potential damage arising from cyber threats.
Senior managers bear overall responsibility for cybercrime risk, he said, so it is essential that they ensure there is clear accountability and responsibility within an organisation to deal with it.
The survey showed that FS respondents see cybercrime as predominantly an IT issue.
Cybersecurity recommendations for financial services firms
The PwC FS survey report recommends that:
- Cybersecurity should be embedded into the business and the risks fully defined and understood;
- A fully defined cyber crisis response plan to protect against financial and non-financial loss should be in place.
However, the survey showed that the FS sector is slightly better placed when compared with other industries:
- More than two-thirds of financial services respondents said they had in-house capabilities to detect and prevent cybercrime, compared with 57% in other industries.
- Nearly two-thirds have shutdown procedures in place, compared with 51% in other industries.
- Over half of FS respondents have a media and PR management plan in place, compared with 41% in other industries.