Covid-19 security challenges leave bank customers at risk

Despite more than 70% of banks and insurers having experienced a 32% rise in cyber crime during the Covid-19 pandemic, financial institutions (FIs) have slashed their IT security, cyber crime, fraud and risk department budgets by 27% in the past 12 months, and 43% of FIs say implementing remote working models has made them more insecure.

That is according to new research released by BAE Systems’ cyber security wing, BAE Systems Applied Intelligence, which found the pandemic has left gaping holes in FI networks. In The Covid Crime Index 2021, which comprises data drawn from a survey of 401 UK-based financial services organisations, 46% of FIs said they had less visibility of their organisational security posture, 34% said their customers were at greater risk of cyber crime or fraud as a result, and 19% said they were not confident they could do enough to protect customers.

The firm said the monetary impact of cyber criminal activity in the past 12 months has been significant, with 49% of FIs in the UK reporting an upsurge in financial losses, with the average cost put at £575,915 and rising. But despite this, security teams are losing money and personnel – budgetary cuts mean 38% of FIs have had to cut back on critical technology spending, and 30% have had to reduce the size of their security teams during the pandemic.

“We are noticing a clear collaboration emerging between different groups of criminals across the wider landscape of serious and organised crime,” said Adrian Nish, head of cyber at BAE Systems Applied Intelligence.

“Fraudsters and cyber criminals seek to exploit fear, uncertainty and change, and the pandemic has offered them new opportunities to probe for weaknesses they can monetise and new ways to disguise their activity.

“Attackers are building increasingly advanced capabilities to target core banking systems and are becoming more aggressive, harming victims’ ability to respond to attacks. Online criminals have reacted fast, adapting their approach to hunt out remote working security gaps and prey on the vulnerable.”

A secondary study conducted alongside the report found that as a result of these challenges, one-fifth of UK consumers have been targeted by cyber criminals or fraudsters during the pandemic. More than a quarter said they had seen an email hoax relating to Covid-19 and 20% had been targeted in SMS, or smishing attacks. Average losses to consumers clocked in at £866.

Also, 54% of consumers surveyed said they believed it was the job of their bank to protect them, and 52% said they would like banks, credit card providers and other FIs they dealt with to provide more guidance on how to be better protected. And FIs should be incentivised to do so, as more than 80% said protection from cyber crime would be a factor when changing or choosing an FI to deal with.