Financial services companies seek to unlock efficiencies of cybersecurity automation

Financial services companies seek to unlock efficiencies of cybersecurity automation

By Leon Ward, Vice President of Product Management at ThreatQuotient

As cyber threats intensify and the resources to deal with them remain limited, there is a growing need for automation in cybersecurity. The intelligent automation of key processes can significantly improve an organisation’s security posture while supporting under-pressure employees by reducing reliance on manual activities.

This is particularly relevant for financial services CISOs, who are under pressure to support digital transformation and mobile-first initiatives that are rapidly increasing the cyber attack surface, and who need to leverage all the efficiencies possible as they strive to defend the digital vault. However, automation is a relatively new approach in cybersecurity. Evidence suggests that many organisations are struggling to implement it effectively.

To understand more about the automation challenge, ThreatQuotient surveyed 750 cybersecurity professionals from organisations in the USA, UK, and Australia, with 150 respondents coming from the financial services industry. This was a follow-up to our 2021 UK survey, which revealed businesses had a lack of trust in outcomes from automation processes. Despite this, cybersecurity automation has gained traction over the intervening period, and this year’s results show that concerns have moved to more practical deployment issues such as integrating with existing technology and a lack of skills in the workforce.

These challenges were also evident when we asked respondents to rate the current maturity of their cybersecurity operations on a scale adapted from one originally developed by Accenture. We wanted to get a sense of how cybersecurity professionals view the sophistication of their set-up and how it contributes to the wider business.

Cybersecurity operations maturity scale:

LEVEL 1 We know we need to establish a cybersecurity operations capability, but we have no budget, personnel, or technology in place to build one. LEVEL 2 We are using some intelligence feeds but do not have a SOC or SIEM in place and cannot link threats to our strategic position. We have limited resources to support our security operations practice. LEVEL 3 We have an established cybersecurity operations practice with dedicated personnel, we curate our feeds and can relate threats to our organisational environment and events, but our approach is reactive and mean time to detection is longer than we would like. LEVEL 4 We have an established cybersecurity operations practice that is tuned to recognise threats that are specific to our organisation and prioritises them accordingly. We integrate with the wider business. LEVEL 5 Our cybersecurity operations practice is advanced and operates a fusion centre model that goes beyond focus on IT/OT threats and integrates with other areas such as IR, patch management, risk and compliance. We are viewed as an asset to the business.

Financial Services security professionals lack confidence in their cybersecurity maturity

Respondents from the Financial Service sector rated their cybersecurity operations maturity at 2.66 on average, with 16% saying they were at level one and 28% selecting level two. Of the sectors surveyed, only central government respondents rated maturity lower, at 2.63. Only one in five financial services respondents said they had an established cybersecurity operations practice that is tuned to recognise and prioritise threats specific to their organisation (level four). Just three percent rated themselves at level five.

However, despite their self-perceived lack of maturity, the survey showed evidence that Financial Services companies are actively seeking to address the situation. They were more likely than other sectors to say cybersecurity automation is important to their organisation; almost three-quarters said it was important compared to an average of two-thirds across all sectors.

Interestingly, when asked what cybersecurity processes they were already automating, Financial Services respondents were more likely than most other sectors to be automating a range of activities such as incident response, phishing analysis, and password reset. Although this appears to contradict their low assessment of automation maturity, it may indicate that the sector – being further down the road of automation – is in fact simply more aware of the challenges involved and is more proactive about tackling them, while recognising that there is more to do.

The primary driver for financial services in pursuing cybersecurity automation is to increase efficiency, which was more important among this group than in any other industry. The second most-common driver is regulatory and compliance requirements, which reflects the highly regulated nature of the business and the pressure companies are under to find ways to make compliance easier and more effective.

When asked what problems they had encountered when applying cybersecurity automation, the top three challenges were gaining management buy-in, technology issues, and a lack of trust in outcomes. These are all common challenges associated with automation and teams will need to continue working on several different levels – from lobbying management to overcoming technology barriers – to smooth the integration of automation into the business.

A further key hurdle is how to demonstrate ROI from automation. Our survey respondents told us that they focus on how well they are managing resources such as staff and budgets, and how well the tea, is doing in terms of employee satisfaction and retention. Lower down the list, respondents were analysing metrics such as mean-time-to-detect and mean-time-to-response. This may indicate that companies are taking a longer view of automation and prioritising its initial impact on employee wellbeing and budget.

Financial Services sector is prepared to invest in automation

Despite the challenges they have identified in the process of deploying more cybersecurity automation, financial services companies are committed to continuing its adoption. Of the five sectors surveyed only critical national infrastructure respondents were more likely to be committing net new budget to investment in cybersecurity automation. Almost 37% have allocated net new budget, and many are pulling budget from other areas such as headcount and IT operations to devote it to automation.

There is clearly some way to travel before financial services companies reach the desired level of maturity in cybersecurity automation, but that is not surprising. Automation may be the Holy Grail of efficient cyber defence, but it is still a relatively new discipline and there are undoubtedly challenges involved in implementation and achieving ROI.