While more cyber breach attempts were thwarted in 2017, over a quarter went undetected for more than a week in UK financial services firms, a new report from Accenture finds. This suggests that executives may be overconfident in their security capabilities – given that it’s critical to identify a breach in days, if not hours, to contain the damage.
Greater reliance on partnerships for growth is driving up external cyber threats
This is a concern for UK security executives in the sector, with almost a third holding their partners to lower cyber security standards than their own. Financial services firms are also adding more connected devices to their infrastructures which is offering more entry points to criminals, driving up the need for more robust security capabilities. But it isn’t just external threats that the sector needs to watch out for.
“While UK financial services firms are making strides to close the gap on cyber-attacks, there is still work to be done given the amount of breaches that go undetected for so long. Historically, the focus has been placed on external threats. But firms also need to look closer to home at threats that already exist inside the organisation. It’s no good building a wall outside to stop people getting in. They need to work on the assumption that the hacker has already broken into the house and they need to contain them in one room to quickly prevent more damage”, commented Carmina Lees, managing director, UK financial services, Accenture.
Cyber threats are growing in sophistication due to the availability of technologies like automation, machine learning and artificial intelligence. While these technologies pose new threats, they can also help improve a firm’s cyber resilience, yet not many are investing. 80% of UK financial services executives regard these technologies as essential to combatting cybercrime, but only a third are investing here and just 21% plan to significantly increase their investment in the next three years.
“Over confidence combined with under investment in cyber resilience could spell bad news for the sector. As financial services become increasingly digital and open banking and third-party data sharing change how business is done, cyber risks are only going to grow both in scale and sophistication. AI, machine learning and robotic process automation can provide a consistent way to monitor for and combat these threats, but only if firms are willing to invest in them”, concluded Lees.
The study, “2018 State of Cyber Resilience for Financial Services,” based on a survey of more than 800 enterprise security practitioners (75 from the UK), found that financial services firms stopped 81 percent of breach attempts in 2017, up from 66 percent in 2016.
To view the complete financial services reports — banking/capital markets and insurance — visit: www.accenture.com/FSstateofcyber