Financial service companies are undergoing a near-continuous digital transformation. As the competition heats up, banks must implement cutting-edge technologies to improve operations and enhance the customer experience. But this shift toward modernization comes with conditions, such as an increased focus on security.

Since the beginning of the Russia-Ukraine conflict, the banking sector has faced an 81% surge in cyberattacks. Nevertheless, financial companies in the UK have demonstrated a high level of confidence in their ability to handle these risks, per a report from Bridewell. According to the study, a surprising 94% of all financial firms surveyed expressed confidence in their ability to fend off attacks.

Given the aggressive threat landscape, what’s behind such a high level of confidence?

Optimism based on performance

The financial sector appears to be the most optimistic when it comes to its security measures, according to Bridewell. The vast majority of the industry’s decision-makers express a sense of confidence. This self-assurance is not without reason, as the industry outperforms all other UK CNI (Critical National Infrastructure) sectors in detecting and addressing threats.

According to the report, financial service companies have an average of 13 days to identify a potential threat. The second best performing sector, communications, takes twice as long at 28 days. Compared with other CNI sectors during the past year, financial firms also experienced the lowest increase in successful attack volume. The report also points out that UK cybersecurity incidents in the financial sector climbed 52% year-on-year to 116 in 2021.

Cyber warfare risk vs. worry

Compared to other CNI sectors, UK financial firms don’t worry as much about the cyber risk associated with real-world military conflict. For example, 93% of transport and aviation companies are concerned about the threat of cyber warfare. Meanwhile, 80% of government entities also worry about attacks related to war. But only 76% of financial services are worried about the cyber war threat.

This is understandable: the stakes are higher for transportation, and attackers frequently target government offices. But financial companies witnessed the second-largest rise in cyberattacks since the war in Ukraine broke out, at 81%. Still, the banks remain confident.

Which risks are most concerning

Despite overall confidence levels, the UK financial sector is acutely aware of the risks. The top security concerns for financial firms named in the Bridewell report include the following:

  • Malware (40%)
  • Phishing and ransomware (tied at 33%)
  • Data theft or misuse (30%)
  • Business email compromise or BEC (27%).

Cloud security issues and banking

With financial services companies increasingly adopting the cloud, worry over cloud security has also risen. As per Bridewell, research published by the Bank of England shows banking institutions are increasingly dependent on Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) products. Also, the Cloud Security Alliance found that nine out of 10 financial services organizations were using cloud services in 2020 or planned to use them in the next six to nine months.

Despite concerns about cloud security, financial companies use cloud infrastructure for highly sensitive and restricted workloads. Nearly a fifth of such workloads operate in the cloud. While this allows for improved operational agility, it also introduces new risks compared to traditional IT infrastructure.

Unsurprisingly, 46% of respondents in the financial services sector identify cloud services as the top attack route. Meanwhile, remote employees (39%) and insecure VPNs (37%) are also at the top of the sector’s security concerns.

Are the banks spending more?

You might guess that the financial sector spends more on security than other sectors. Could this explain the high level of confidence in their security? Amazingly, the report shows that companies in this industry actually spend the least on cybersecurity, at 32% of their IT budget.

Comparatively, financial services companies are not expected to increase that expenditure more than other sectors. This year, financial companies expect to boost their cybersecurity budget by an average of 22%. This is only half a percentage away from the mean cross-sector average.

The authors of the Bridewell report speculate that financial companies take an intelligent, priority-driven approach to security. Also, banks understand how to invest in cybersecurity to achieve superior results.

Another explanation could be that the sector invested heavily in digital security years ago ahead of other industries. Lesley Ritter, VP and senior analyst at Moody’s, said, “They have been dealing with cyber threats for well over a decade while at the same time being quick adopters of digital technology, which has the potential of making them more vulnerable. This heightened awareness translates into the banking sector standing out relative to other industries in terms of investment in cybersecurity, ability to attract scarce cyber talent and broad adoption of risk mitigation practices.”

Confident teams

The results of Bridewell’s survey reinforce the idea that the financial sector recruits (and protects) quality talent for key cybersecurity positions. The report states that staff in the banking industry are far less worried about losing their jobs due to a cyberattack. Only 68% worry about their job security in the event of an attack. Meanwhile, 96% of employees in communications companies fear losing their jobs if an attack occurs.

The right attitude

According to Bridewell, the financial sector has demonstrated an advanced level of readiness and resilience to face the complex world of cyber threats. The report says, “It is notable that the primary pressure to improve cybersecurity in the financial sector comes not from customers, but from the business itself. This suggests that managers are attuned to these threats and engaged in mitigating them.”

This means banks take a fully proactive stance when it comes to security. Instead of waiting for incidents to happen, the financial sector appears to study the terrain and seek adequate solutions beforehand. Undoubtedly, the stakes in sectors such as transportation are higher. The risk to human safety is a crucial consideration. But banking businesses are built on trust. If customers lose that trust, they will take their money elsewhere. It appears that the financial services realized early on that strong security is essential to a successful business strategy.

More from News

Securing critical infrastructure with the carrot and stick

4 min read - It wasn’t long ago that cybersecurity was a fringe topic of interest. Now, headline-making breaches impact large numbers of everyday citizens. Entire cities find themselves under cyberattack. In a short time, cyber has taken an important place in the national discourse. Today, governments, regulatory agencies and companies must work together to confront this growing threat. So how is the federal government bolstering security for critical infrastructure? It looks like they are using a carrot-and-stick approach. Back in March 2022, the…

650,000 cyber jobs are now vacant: How to tackle the risk

4 min read - How far is the United States behind in filing cybersecurity jobs? As per Rep. Andrew Garbarino, R-N.Y., Chairman of the HHS Cybersecurity and Infrastructure Protection Subcommittee, overseas adversaries have a workforce advantage over FBI cyber personnel of 50 to one. His statements were made during a recent subcommittee hearing titled “Growing the National Cybersecurity Talent Pipeline.” Meanwhile, recent CyberSeek data shows over 650,000 cyber jobs to fill nationwide. Given the rising rate of cyberattacks, these numbers are truly alarming. How…

Will data backups save you from ransomware? Think again

4 min read - Backups are an essential part of any solid anti-ransomware strategy. In fact, research shows that the median recovery cost for ransomware victims that used backups is half the cost incurred by those that paid the ransom. But not all data backup approaches are created equal. A separate report found that in 93% of ransomware incidents, threat actors actively target backup repositories. This results in 75% of victims losing at least some of their backups during the attack, and more than…

Should you worry about state-sponsored attacks? Maybe not.

4 min read - More than ever, state-sponsored cyber threats worry security professionals. In fact, nation-state activity alerts increased against critical infrastructure from 20% to 40% from 2021 to 2022, according to a recent Microsoft Digital Defense Report. With the advent of the hybrid war in Ukraine, nation-state actors are launching increasingly sophisticated attacks. But is this the most prominent danger facing companies today? While nation-state-based attacks cannot be ignored, it looks like insider cyber incidents are far more common. In fact, for the…