Financial Crime World

Financial Sector’s Cybersecurity Measures Fall Short, Study Reveals

A recent study has raised concerns about the cybersecurity measures in place at financial institutions, suggesting that many are underestimating the risks and vulnerabilities they face.

Complacency and Awareness

According to the survey, 80% of large companies with between 1,000 and 4,999 employees believe their IT security measures are sufficient to protect them from cyberattacks. However, this complacency is not shared by cybersecurity professionals, who are more likely to agree that their company’s security measures need improvement (37%).

  • Only 24% of companies train their entire C-Suite on security topics and procedures.
  • Just over one in 10 departments surveyed (between 15% and 10%) have fully trained staff.

Vulnerabilities and Concerns

The study also found that financial institutions fear the consequences of a cyberattack, including:

  • Regulatory fines or litigation (44%)
  • Loss of customers due to insufficient information security compliance (43%)
  • Damage to their public image (41%)

The study identified several areas where financial institutions are vulnerable to attack, including:

  • Corporate software
  • DDoS attacks
  • Trojans
  • Data breaches

Importance of Cybersecurity

The majority of respondents agree that comprehensive cybersecurity requires a combination of:

  • Technical solutions
  • Threat intelligence services
  • General awareness among all employees

However, the study found that while financial institutions are aware of these risks, they may not be taking sufficient steps to mitigate them.

Call to Action

“This study highlights the need for financial institutions to take a more proactive approach to cybersecurity,” said David Emm, Principal Security Researcher at Kaspersky. “Every pound invested in cybersecurity will pay off and is ultimately money well spent in the medium and long term.”

The study suggests that financial institutions should prioritize investing in cybersecurity measures, including threat intelligence services, and training all employees on security topics and procedures to reduce their vulnerability to cyberattacks.