The amount of money being invested by the UK’s biggest banks into cybersecurity has increased sharply in 2019, according to a report from Lloyds Bank.
Cybersecurity is now the biggest technological concern for the financial sector and has jumped from eighth to fourth in the report’s top ten risks list. Only concerns over possible fallout from Brexit, the slowing of the wider global economy and the introduction of new regulations were higher on the list.
Rising concerns over cybercrime were shown to be matched by a rise in cybersecurity budgets. In 2018, 46% of respondents said that cybersecurity was one of their top three technology investments, whereas this year that figure jumped to 70% with cybersecurity now topping the technology agenda.
In previous years, cybersecurity has been seen as a relatively low risk, but now it seems as though boards are finally starting to sit up and take notice of the dangers (good news for CISOs).
Data released earlier in the year highlighted that the number of cyber incidents reported to the Financial Conduct Authority (FCA) leapt from 68 to 819 in 2018, an increase of over 1000%. The introduction of new regulations such as GDPR and an increase in the number of attacks were the major drivers of the surging figures.
Perhaps surprisingly, just 11% of those reported incidents were the result of an actual cyberattack. Instead, the vast majority of them were caused by equipment issues, third-party service faults and basic errors.
The majority of firms were shown not to perform regular cybersecurity assessments and to find it a major challenge to discover their security posture. The use of out-of-date IT systems was also highlighted as a major issue.
The largest firms have adopted automation, but smaller firms with limited budgets and a lack of technological knowledge still rely on out-of-date processes or, more worryingly, nothing at all.
The introduction of new regulations was one of the top three concerns in the Lloyds report after Brexit and economic uncertainty, and rightfully so: a new report published by Trend Micro has found that new European open-banking rules could make financial service organisations more vulnerable to cyberattacks.
The report shows that while the European Union’s Revised Payment Services Directive (PSD2) is designed to give people more control over their financial data, it could result in more cybersecurity incidents.
With many financial tech (fintech) businesses waiting to take advantage of open-banking, there are concerns over how secure those companies actually are. In a survey of open-banking fintechs, it was discovered that most consisted of twenty employees, none of whom are security professionals, and have no record on data protection.
Concerns were also raised that cybercriminals may create malicious apps and use phishing campaigns to fool users into downloading them and in turn expose their banking details.
Many cybersecurity incidents that occur at financial institutions often go unreported to the authorities due to fears over reputational damage, said City of London Police Commissioner Ian Dyson in a speech at the 23rd World Conference of Banking Institutes (WCBI). He said, “We know that in the WannaCry episode, there were big companies, some of them on the FTSE list, who did suffer from WannaCry and did not report it to law enforcement because of fear of reputation. My plea is please do not be in that position. I challenge anyone to show when law enforcement has leaked information about a company that has suffered a cyberattack.”
Reputational damage is a major concern for financial organisations, but they should consider what looks worse: being breached and keeping it a secret, only for that information to be leaked or discovered at a later date, or being open and honest with their customers.
With CyberScore you can take control of your security posture by detecting vulnerabilities and gathering empirical evidence to form Get-Well plans. The process is rapid, accurate and can be run as often as you like, allowing you to always have an up-to-date view of your security.
After downloading and running the software across a network, businesses are provided with a free, top-level summary of the organisation's calculated risk rating. Detailed technical reports and high-level assessments for the board can also be provided and are designed to show any potential vulnerabilities on the network. It can also assess the likelihood of an organisation passing a Cyber Essentials Plus certification.
Want to try CyberScore? Click here for a free trial - cyberscore.com/trial