Published on November 25th, 2022 📆 | 5949 Views ⚑0
Less than a quarter of financial services organisations feel their business is very well prepared to defend against cyberattacks
Financial services organisations in the UK are preparing for an onslaught of increased cyberattacks in the next year, according to new research by Keeper Security. The 2022 Financial Services Cybersecurity Census Report uncovered that, on average, UK financial services businesses experienced 39 cyberattacks in the last 12 months and one in 10 experienced between 500 and 1,000 attacks.
Cyberattacks within the financial services sector can trigger a serious financial crisis, compromise digital records and transactions, and undermine trust in the financial system. Organisations therefore have a duty to keep pace with bad actors by understanding how cybersecurity is transforming and the harmful impacts on businesses if threats are not contained.
99% of UK financial service organisations surveyed as part of the study reported that cybersecurity was important to C-suite, yet there are signs they might not be prepared for future cyberattacks. Just a quarter (23%) of IT leaders in these organisations feel their business is very well prepared to defend against cyberattacks, while identifying and responding to cyberattacks has also become more challenging, with more than half (51%) saying they now need more time to identify and respond to attacks.
The study also raised concerns about the software in place for countering cybercrime, from SaaS infrastructures, to the availability of password managers, as well as credentials hard-coded into source codes. The study indicates a need for faster response times to cyberattacks, better reporting of them and more robust software infrastructures. This, coupled with demand for stronger internal security hygiene, points to a need for a more long term and strategic approach to dealing with cybercrime.
Investing in Defences
Despite encouraging investment in cybersecurity training, more investment in technology is necessary to adequately stave off cyberattacks. 78% of respondents say that they have invested in bringing on new cybersecurity personnel in the past year and, of the changes implemented over the past year, increasing training (59%) was at the top of the list.
But the challenge will be investing in the right skills and technology. At present, a quarter do not have a secrets manager to help manage IT secrets such as API keys, database passwords and credentials. Similarly one in five do not have a connections manager to help manage remote access to privileged infrastructures which, in the hybrid working era, is troubling.
The Impact of Cyberattacks
Almost a quarter (22%) of financial services businesses have experienced financial theft as a result of a cyberattack and, of those who had money stolen, 26% lost between £100,000 and £999,999.
But the study found financial damage can be the tip of the iceberg for businesses that have been victims of a cyberattack. 45% have suffered reputational damage. 42% suffered disruption to trading, impacting their ability to do business overseas, with over one in five suffering disruption to customer operations or damage to the supply chain. Any one of these incidents can inflict critical harm to a business in this turbulent economy.
Investing for the Future
Nearly half of those surveyed agreed that the accelerated digital transformation due to the COVID-19 pandemic, and the need to quickly adapt to new technologies, have sometimes led to overlooked security practices.
However, there are positive signs in terms of a willingness to invest in cybersecurity defence. The vast majority, (78%) of respondents say that they have made investment in cybersecurity personnel. Of the 22% who had not made those investments yet, there are plans to do so in the form of a cybersecurity specialist in the future.
Darren Guccione, Keeper Co-founder and CEO commented: “The results from our census show that IT leaders in financial services organisations clearly demonstrate that cybersecurity is considered a priority, though future investment is not being treated with the urgency it deserves. In challenging economic circumstances, the most effective means of addressing cybercrime will be better management. That includes cybersecurity training, database access through unique, non-shareable passwords, reporting cybercrime faster, and having managers with the expertise to oversee cybersecurity. The time to act is now.”