Andrea Danti - Fotolia

Banks suffer average of 85 attempted serious cyber attacks a year, and one-third are successful

Banks face daily cyber attacks, many of which succeed in stealing data, research finds

Senior security staff at banks are confident in their cyber security activity despite one-third of attempts by cyber criminals to breach these defences being successful.

A survey of security executives at 275 global banks by Accenture revealed that 78% were confident in their overall cyber security strategy. More than half (51%) said they would be able to identify the cause of a breach, 51% said they could measure the impact and 50% said they could manage the financial risk caused by a cyber security event.

But on top of daily phishing, malware and penetration attacks, banks faced an average of 85 serious attempts to breach their cyber defences over the previous 12 months, and 36% of these attacks succeeded in stealing some data, the report revealed. Also, the banks were slow to spot breaches, taking an average of 59 days to detect one.

Almost half (48%) of the executives surveyed thought internal breaches had the biggest impact, and 52% said they were not confident in their organisation’s ability to detect breaches through internal monitoring.

“Bank executives are clearly confident when it comes to their cyber security capabilities, but there is still much work to be done,” said Chris Thompson, senior managing director and head of financial services cyber security and resilience at Accenture Security. 

“Most cyber security assessment programmes, while well-intentioned, are highly theoretical and based on known cyber attack practices. The reality, however, is very different. Fast-moving, dynamic threats are creating new challenges every day. Banks should focus on deploying practical testing scenarios that focus inside the perimeter to ultimately make the crooks’ job as difficult as possible.”

The survey identified the importance of raising staff awareness of security risks, finding that 99% of respondents were alerted to many breaches by their employees.

But banks could face a challenge in the coming years because of a lack of cyber security skills, according to the research.

Banks said they expected skills shortages in endpoint/network security (61%), incident response (53%) and vulnerability management (53%).

“While defending the perimeter is crucial, it is often the people inside the walls that present the biggest risk, but also the biggest weapon in the fight for resiliency,” said Thompson.

Speaking to Computer Weekly in January this year, one cyber security expert in the UK banking sector said the speed at which a crisis could develop after a cyber attack posed a major challenge. “The financial crises in the past took months or years to build up, so if regulators are paying attention, there is time to prepare,” he said. “But in the case of a successful cyber attack, it can happen in a matter of minutes with no prior warning, so the shock may be greater.

“Banks are attractive targets and they are under a constant barrage of cyber threats, so purely on the basis of statistics, if there are millions of attempts every year, there is a fair chance a few major incidents will take place.”

Cyber security expert Richard Benham, a visiting professor at the University of Gloucestershire, warned recently that a major bank will not recover from a cyber attack this year.

He said there would be a run on a bank following a cyber attack. This would also see customers withdraw their money because of a loss of confidence, leaving the bank in breach of solvency rules.


1 comment


Simon Smith eVestigator, Cyber Security Expert here. To me the answer is very simple. With those statistics, one word stands out loud and clear. Phishing, Phishing, Phishing. Can banks not make their advertising campaigns stronger that they will NEVER EVER communicate online. The move away from paper billing is the worst move that companies kept pushing. I myself albeit (love everything not paper) want paper billing because it forces me to see it and get rid of it. If we remove electronic communication from all financial institutions and made it a standard ban, across the country - it would be significantly reduced to Employee only attacks. Then the companies can look at mitigation techniques there. The amount of fraud I see is phenomenal.