A survey of 100 senior business decision-makers shows that 70% of UK financial companies suffered a cyber security incident in the past 12 months, with nearly half (43%) caused by employee failure to follow company security protocols or data protection policies.
This threat was biggest in mid-sized financial companies (3,000-4,999 employees), with 52% of respondents citing employee failure to follow corporate data protection policies as their biggest issue, according to the survey, commissioned by security firm Clearswift.
Recent security research reports have revealed that financial services are among the most attractive targets for cyber attackers. The global finance industry faces a broad range of cyber threats because it represents a one-stop shop for attackers, providing essential funding for the underground economy.
The Clearswift survey shows that after failure to follow policies, key causes of security incidents include introduction of malware and viruses via third-party devices (32%), file and image downloads (25%) and employees sharing data with unintended recipients (24%).
“The financial sector is the lynchpin of the UK’s economy and a vital part of our nation’s critical national infrastructure,” said Guy Bunker, CTO at Clearswift. “So it is alarming to see such high numbers of security incidents within financial organisations.
“Unfortunately, in this day and age, it is a case of ‘when’ not ‘if’ a firm is breached, so the financial sector needs to shift gears and speed up the innovation and deployment of effective data protection and threat mitigation strategies.”
The survey findings not only highlight the serious threat that data breaches and malicious attacks pose to the UK’s financial sector, but also the fact that financial organisations have not allocated sufficient budget to fighting the threat.
The majority of respondents (73%) said they would like to see an increase in cyber security spending, while only 23% said their cyber security budget was “adequate”.
“Whether it’s an inadvertent mistake, a malicious insider or an external threat actor that causes a security incident, the ramifications of data loss are extremely serious for any organisation,” said Bunker.
“For those organisations that hold citizen data and their financial information, there is a need for extra vigilance to protect that data no matter where it is stored, how it is processed or what digital collaboration channels it flows through.”
Understanding the latest threats and the potential consequences from next-generation attacks will help drive the business case for investment in new technology to mitigate the risks, said Bunker.
“Cyber security needs to rapidly evolve and the budgeting process should take this into account – the threat that can bring down a company may not have existed three months ago,” he said. “Financial organisations need to be able to respond immediately in order to protect their reputation.
“While many areas of securing a company’s data can be improved by educating employees and developing clear policies and processes, technology plays a key role in mitigating today’s biggest threats through automating and enforcing security protocols – which requires investment.”
Bunker added: “With the competition only a mouse click away for those with poor security, great information security is a positive business differentiator and driver of growth.”