66.2 percent of financial organizations faced at least one cybersecurity attack in the last year, according to MetricStream Research.
The report, based on a survey conducted in July 2016, features the perspectives of C-level information security professionals in over 60 banking and financial services firms across the globe. The respondents represented financial enterprises of multiple sizes, as well as various segments, including banking, insurance, asset management, diversified financials, investment services, and foreign exchange services.
A spate of recent cyberattacks on financial institutions, including the Bangladesh Bank heist and the Banco del Austro hack, has propelled cybersecurity to the top of the corporate agenda and prompted boards and executive teams to question the efficacy of their own cybersecurity measures.
Financial institutions have always been a lucrative target for cybercriminals, given the massive volumes of data and money that can be stolen. Now, with the introduction of mobile banking, online banking, the cloud and other new technologies, cybercriminals have more potential routes to breach an institution’s cyber defenses. These factors make it imperative for financial institutions to have robust threat detection and risk management mechanisms, as well as strategies to swiftly respond to and recover from a cyberattack.
- 66.2% of organizations have faced at least one cybersecurity attack in the last year
- 48.5% of the surveyed organizations reported employees to be the primary conduit through which an attack was launched
- 91.2% of organizations have cybersecurity as a formal part of their Enterprise Risk Management (ERM) program
- For 70.6% of organizations, their cybersecurity programs include third parties
- Only 38.2% of organizations are using an IT GRC solution as one of the tools in their cybersecurity programs
“As the report demonstrates, an increasing number of financial institutions are falling prey to cyberattacks; in fact, many are not even aware that they’ve been attacked until it’s too late,” said French Caldwell, Chief Evangelist at MetricStream. He continued, “The best defense for organizations is to implement a pervasive and mature cybersecurity program that is integrated with their enterprise risk management framework, driven from the top, and based on the latest industry security standards. Technology can prove a valuable ally in this endeavor, by aggregating risk and threat intelligence from across the enterprise, and transforming it into the insights that organizations need to secure their assets, and protect their brand.”