November 26, 2014 By Douglas Bonderud 2 min read

Last week, PricewaterhouseCoopers (PwC) released a preview of its Global State of Information Security Survey (GSISS) 2015, which revealed that financial service companies plan to spend more — much more — on cybersecurity over the next two years. The full report is now available for download, and it’s time to take a closer look at the findings.

The Big Picture

Pulling back the lens, PwC found that cybersecurity “is no longer an issue that concerns only information technology and security professionals; the impact has extended to the C-suite and boardroom.” Financial cybercrime targets now extend beyond banks and credit unions, with the survey noting that more than half of stock exchanges worldwide have been victimized. In fact, the threat is so dire that the U.S. Securities and Exchange Commission plans to evaluate the cybersecurity preparedness of more than 50 large broker-dealers and investment advisers. Meanwhile, Asian companies that do not comply with Singapore’s Personal Data Protection Act are subject to fines of over $780,000.

Key Findings

Digging into the PwC data on financial service companies, it is clear that risks are on the rise. The survey, which asked 758 financial institutions about the number of detected security incidents, reported that the total number of adverse incidents that threaten “some aspect of computer security” rose 8 percent compared to 2013. The costs of these breaches also grew by 24 percent, with big losses leading the way. The number of firms reporting losses between $10 million and $19.9 million increased by 141 percent compared to last year.

However, the survey also found that cybersecurity spending hasn’t kept pace. While PwC’s 2014 Annual CEO Survey noted that 48 percent of CEOs worldwide are now concerned with cyberthreats, the new report discovered global information security budgets have stalled for the past five years. Overall, the GSISS found that as security incidents rise, spending tends to fall; one theory is that more targeted security practices have “enabled organizations to strategically optimize spending.” The idea here is to replace scattershot security measures with strategic investments “that are most relevant to today’s advanced attacks,” including tools that predict, prevent and detect attacks to minimize overall impact.

The Bottom Line for Financial Service Companies

For financial service companies, however, more spending remains an integral part of the security equation. As noted by a recent IP Watch article, pure spending is just one part of an effective defense. To combat advanced security threats, companies also require buy-in from top leadership, policies for handling sensitive information and input from all business divisions.

PwC found that 71 percent of financial services respondents said incident-management response processes were important components of any cybersecurity strategy. Meanwhile, 69 percent said classifying business value data was essential, and 59 percent wanted better risk assessments on internal systems.

Ultimately, PwC recommends that financial service companies — from stock markets to big banks and small investment firms — focus on linking security and risk. This means companies should ask themselves the following five questions:

  1. How much revenue would be lost in a cyberattack?
  2. Are there capabilities in place to deal with this kind of attack?
  3. Have critical assets been identified?
  4. Is the business resilient enough to handle an attack?
  5. Where do cybersecurity investments have the biggest impact?

While it is impossible to prevent every cyberattack, PwC found that businesses with better-than-average security awareness report significantly lower average costs. For financial service companies, this awareness comes from a combination of increased spending, intelligent investments and the evolution of cybersecurity best practices.

Image Source: Wikimedia Commons

More from

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today