May 29, 2018 By Douglas Bonderud 2 min read

Financial institutions are prime targets for cybercriminals. According to a February 2018 report from management consulting firm Accenture, the number of breaches in the financial services sector tripled in the last five years. Meanwhile, the Journal of Cyber Policy noted recently that 89 percent of survey respondents say their existing information security (InfoSec) tools and policies don’t meet current needs.

During a recent Senate Banking Committee hearing, witnesses addressed both sides of the issue: the increasing scope of cybersecurity threats facing financial institutions and the steps that can be taken to limit the impact. Ideally? Clearer regulations, more accountability and recognition of critical risk.

Risk Is Our Business? Cybersecurity Threats

Cybercriminals are looking for maximum profit with minimum effort. As banks make the switch from storing physical currency to moving and investing money online, attackers have prioritized financial targets. Bob Sydow, a principal at professional services firm Ernst & Young, was straightforward about the state of financial cybersecurity at the Senate hearing, noted Politico.

“Keeping up with known threats and vulnerabilities is difficult enough, but the scope of unknown cyber risks seems much larger than other, more traditional risk domains,” Sydow said.

Financial institutions must also acknowledge the role of employees in securing or exposing networks to risk. According to Financial News, 58 percent of cyber claims stem from employee behavior, with the financial sector facing the highest annual cost per year for cybercrime — intentional or not.

Thirty-five percent of companies say their data protection policies are “ad hoc or nonexistent” and 12 percent have no breach detection solutions in place, according to Ernst & Young’s latest data, Global Information Security Survey.

It’s clear there’s a gap between current financial InfoSec and practices and the impact of cybersecurity threats.

Industry Investment to Protect Personal Data

According to Forbes, Senate Banking Committee Chair Mike Crapo and his democratic counterpart Sherrod Brown both agree the financial sector needs better legislation when it comes to protecting consumers’ personal data. Brown describes a bill with provisions that hold companies accountable for data loss but doesn’t know exactly what form that would take — although he does say record bank profits could be used for more cybersecurity investment.

During the recent hearing, however, Bill Nelson, president and CEO of the Financial Services Information Sharing and Analysis Center (FS-ISAC) argued that “despite a dynamic and ever-changing cyberthreat environment, the financial sector has invested heavily to protect the sector’s assets and consumers’ information from adversaries and cybercrime,” noted Politico. For Nelson, improved financial sector security includes government action to harmonize conflicting regulations, more cybercrime prosecutions and Congress-defined responses to specific types of cybersecurity threats.

To Spend and Secure

The recent Senate hearing makes it clear: Financial institutions are spending on cybersecurity, but the scope and nature of threats make it difficult to keep up. While more monetary investment remains a priority, increased legislative follow-through and government streamlining of existing regulations also play a critical role in reducing cyber risk.

More from

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today