Banks and Insurers Have Improved Their Cyber Defenses

September 20, 2018

Despite the volume of cyberattacks doubling in 2017, banks and insurance firm firms are closing the gap on cyber attacks, having stopped four in five of all breach attempts last year.

According to a study by Accenture, financial services firms stopped 81 percent of breach attempts during 2007, up from 66 percent during 2016.

Perhaps it’s not surprising, then, that more than 80 percent of executives surveyed expressed confidence in their security protocols across all technologies and capabilities.

However, while more breach attempts were thwarted, more than 40 percent of breaches, on average, went undetected for more than a week, and another 9 percent went undetected for more than one month. Accenture suggests that executives may be overconfident in their security capabilities – given that it’s critical to identify a breach in days, if not hours, to contain the damage.

The study, “2018 State of Cyber Resilience for Financial Services,” is based on a survey of more than 800 enterprise security practitioners at financial services firms, as well as an investigation of cyber attacks that occurred from February 1, 2017 through January 31, 2018.

“Financial services firms are converging to a level of mastery when it comes to the security status quo, including their cyber resilience and response readiness,” said Chris Thompson, global security and resilience lead for financial services, Accenture Security. “But as business technology evolves, so too must cybersecurity. The new technologies that banks and insurers are embracing – including cloud, microservices, application programing interfaces, edge computing and blockchain – will create new security risks, especially as cyberattacks evolve in sophistication.”

Although banks and insurers are increasingly dependent on alliance and business partnerships for growth, more than one third (37 percent) of executives surveyed said they hold their partners to lower cybersecurity standards than they do their own business. Accenture says this leaves firms vulnerable to outside security risks.

Financial services firms are also drawing on connected devices – including internet-connected cameras, sensors and smartwatches – forcing security professionals to safeguard more devices that could be used as entry points through which criminals can attack at will.

Yet while sophisticated technologies could pose new security threats, they could also improve cyber resilience, according to the research. Eighty-three percent of financial services executives surveyed said that new technologies – such as artificial intelligence (AI), machine and deep learning, and automation technologies – are essential to ensuring the security of their organizations. However, only two out of five financial services firms are currently investing in new technologies for cyber defense and only 18 percent said their firms have significantly increased their cybersecurity spending over the past three years, and only 30 percent plan to do so in the next three years.

The results also indicate that employees should be involved in protecting their organizations. While cybersecurity teams identified two-thirds of all company breaches, other employees identified a majority (69 percent) of the remaining breaches not caught by the security teams.

“Cyber risks are moving beyond traditional enterprise boundaries as financial services becomes rapidly digitized and as open banking and third-party data sharing change how business gets done,” Thompson said. “AI, machine learning and robotic process automation can provide a consistent way to monitor for and combat these threats, but only if firms are willing to invest in them.”

For the 2018 State of Cyber Resilience study, Accenture surveyed 4,600 enterprise security practitioners, including 821 from financial services (banking, insurance and capital markets), representing companies with annual revenues of $1 billion or more in 15 countries.

Source: Accenture