November 10, 2016 By Larry Loeb 2 min read

Two-thirds of financial institutions that responded to a recent MetricStream Research survey indicated that they had experienced a cyberattack in the past year.

Financial Cybersecurity Threats Rising

The survey queried “C-level information security professionals” associated with 60 global financial services firms of various sizes and segments, including banking, insurance, asset management, diversified financials, investment services and foreign exchange services.

The survey suggested that insider threats continue to play a prominent role in the financial cybersecurity landscape. In fact, 48.5 percent of respondents reported that most cyberattacks were enabled by employees.

Where the Money Is

Cybercriminals love to target the financial industry because, quite simply, that’s where the money is. In response to this persistent threat, 91.2 percent of survey participants reported formally introducing cybersecurity into their enterprise risk management (ERM) program.

The specifics of the cybersecurity components in those ERM programs may need to change over time. The financial industry has its own particular security risks and regulatory frameworks to respond to them. Any security best practices evolve over time. so it’s a good idea to review them regularly as they apply to the institution.

For example, any evaluation of the risk management program should consider current information about the various threats that security professionals might find when they remediate an attack. It’s critical to know specifically what works and what doesn’t with respect to the institution’s situation.

Third-Party Protection

You don’t have to do all the heavy lifting in-house. Unsurprisingly, 70.6 percent of respondents reported that third parties played a role in their ongoing security efforts.

Security-as-a-service may be a very useful specialization for some organizations. Rather than being forced by necessity to build its own in-house expertise, a company can simply buy it as a package from a vendor and rely on round-the-clock servicing to protect their assets. They might need it, too: 55.9 percent of respondents reported an increase in attacks from previous years, while just 2.9 percent said that threats were decreasing.

Almost all agree that financial cybersecurity is a necessity in today’s world, but how those affected organizations go about achieving security is up in the air. Leveraging outside expertise and running risk management programs are only the tip of the iceberg.

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today