Last week, PricewaterhouseCoopers (PwC) released a preview of its Global State of Information Security Survey (GSISS) 2015, which revealed that financial service companies plan to spend more — much more — on cybersecurity over the next two years. The full report is now available for download, and it’s time to take a closer look at the findings.

The Big Picture

Pulling back the lens, PwC found that cybersecurity “is no longer an issue that concerns only information technology and security professionals; the impact has extended to the C-suite and boardroom.” Financial cybercrime targets now extend beyond banks and credit unions, with the survey noting that more than half of stock exchanges worldwide have been victimized. In fact, the threat is so dire that the U.S. Securities and Exchange Commission plans to evaluate the cybersecurity preparedness of more than 50 large broker-dealers and investment advisers. Meanwhile, Asian companies that do not comply with Singapore’s Personal Data Protection Act are subject to fines of over $780,000.

Key Findings

Digging into the PwC data on financial service companies, it is clear that risks are on the rise. The survey, which asked 758 financial institutions about the number of detected security incidents, reported that the total number of adverse incidents that threaten “some aspect of computer security” rose 8 percent compared to 2013. The costs of these breaches also grew by 24 percent, with big losses leading the way. The number of firms reporting losses between $10 million and $19.9 million increased by 141 percent compared to last year.

However, the survey also found that cybersecurity spending hasn’t kept pace. While PwC’s 2014 Annual CEO Survey noted that 48 percent of CEOs worldwide are now concerned with cyberthreats, the new report discovered global information security budgets have stalled for the past five years. Overall, the GSISS found that as security incidents rise, spending tends to fall; one theory is that more targeted security practices have “enabled organizations to strategically optimize spending.” The idea here is to replace scattershot security measures with strategic investments “that are most relevant to today’s advanced attacks,” including tools that predict, prevent and detect attacks to minimize overall impact.

The Bottom Line for Financial Service Companies

For financial service companies, however, more spending remains an integral part of the security equation. As noted by a recent IP Watch article, pure spending is just one part of an effective defense. To combat advanced security threats, companies also require buy-in from top leadership, policies for handling sensitive information and input from all business divisions.

PwC found that 71 percent of financial services respondents said incident-management response processes were important components of any cybersecurity strategy. Meanwhile, 69 percent said classifying business value data was essential, and 59 percent wanted better risk assessments on internal systems.

Ultimately, PwC recommends that financial service companies — from stock markets to big banks and small investment firms — focus on linking security and risk. This means companies should ask themselves the following five questions:

  1. How much revenue would be lost in a cyberattack?
  2. Are there capabilities in place to deal with this kind of attack?
  3. Have critical assets been identified?
  4. Is the business resilient enough to handle an attack?
  5. Where do cybersecurity investments have the biggest impact?

While it is impossible to prevent every cyberattack, PwC found that businesses with better-than-average security awareness report significantly lower average costs. For financial service companies, this awareness comes from a combination of increased spending, intelligent investments and the evolution of cybersecurity best practices.

Image Source: Wikimedia Commons

More from

Will the 2.5M Records Breach Impact Student Loan Relief?

Over 2.5 million student loan accounts were breached in the summer of 2022, according to a recent Maine Attorney General data breach notification. The target of the breach was Nelnet Servicing, a servicing system and web portal provider for the Oklahoma Student Loan Authority (OSLA) and EdFinancial. An investigation determined that intruders accessed student loan account registration information between June and July 2022. The stolen data includes names, addresses, emails, phone numbers and social security numbers for 2,501,324 student loan…

Containers, Security, and Risks within Containerized Environments

Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform to the dimensions of the mall and operate within its floor plan. In older approaches to application development, a developer would have a targeted system or set of systems for which they intend to create an application. This targeted system would be the mall. Then, when building the application, they would…

Inside the Second White House Ransomware Summit

Ransomware is a growing, international threat. It's also an insidious one. The state of the art in ransomware is simple but effective. Well-organized criminal gangs hiding in safe-haven countries breach an organization, find, steal and encrypt important files. Then they present victims with the double incentive that, should they refuse to pay, their encrypted files will be both deleted and made public. In addition to hundreds of major attacks around the world, two critical ransomware incidents — the Colonial Pipeline…

Did Brazil DSL Modem Attacks Change Device Security?

From 2011 to 2012, millions of Internet users in Brazil fell victim to a massive attack against vulnerable DSL modems. By configuring the modems remotely, attackers could redirect users to malicious domain name system (DNS) servers. Victims trying to visit popular websites (Google, Facebook) were instead directed to imposter sites. These rogue sites then installed malware on victims' computers. According to a report from Kaspersky Lab Expert Fabio Assolini citing statistics from Brazil's Computer Emergency Response Team, the attack ultimately…