Cloud and ransomware threats and remote employee risks challenge the sector’s confidence in its level of cyber maturity
Reading, UK – 16 January 2023 – Over nine in ten (94%) financial services companies are confident in their cyber security posture. However, high confidence is being tempered by an increase in successful cyber attacks against the sector, suggesting that further cyber security improvements must be made.
Research from leading cyber security services firm, Bridewell – whose findings can be read in full in the research report Cyber Security in Critical National Infrastructure Organisations: Financial Services – reveals that finance organisations are outperforming their peers across the UK’s critical national infrastructure (CNI) in cyber security confidence and maturity. Organisations are taking on average just 13 days to discover a cyber attack, detecting and mitigating security threats much faster than any other CNI sector. In contrast, the transport and aviation industry takes almost two months (51 days) on average to do the same. The finance sector’s high-confidence, high-performance security posture reflects the relative maturity of organisations’ digital transformation programmes.
But with cyber attacks rapidly expanding in volume and sophistication, 69% of finance organisations have experienced an increase in threats during the last 12 months. Furthermore, the industry has seen the second-largest rise amongst all UK CNI (81%) in cyber attacks following the outbreak of the Russia-Ukraine war, suggesting the sector is far from immune to geopolitical cyber warfare.
This rise in cyber threat comes as the sector embraces new technologies and processes to support more flexible working practices. Widespread cloud adoption in particular is enabling greater organisational agility but also introducing new cyber security risks. Almost half (46%) of cyber decision-makers in finance identified cloud services as the biggest potential attack route within their organisation. Similarly, compromise of remote employees (39%) and insecure VPNs (37%) were flagged as significant threats, demonstrating the sector’s clear awareness of the security challenges surrounding hybrid working.
Ransomware also remains a key cyber security concern for financial services organisations, with 33% of respondents identifying it as a top risk. This reflects a recent increase in successful ransomware attacks against the sector – as many as one in five cyber security incidents reported to the Financial Conduct Authority in 2021 were ransomware-related, up 20% from the previous year.
“The finance sector has made fantastic progress in evolving its cyber security posture, and its maturity and resilience in the face of mounting security challenges sets the standard for organisations across CNI. However, as the continued rise in attacks against the sector shows, there is always scope for improvement. Organisations must take further proactive steps to strengthen their security postures. They can achieve this by preparing and rehearsing cyber scenarios, and ensuring that a cyber threat intelligence-led approach to security is firmly embedded in everything they do.”