According to the latest CBI/PwC survey, the biggest increase in spending will be seen in sectors that reported low growth six months ago, including investment management, which plans to increase spending by 76%.
“Cyber-crime is a major threat to the UK's financial services sector, as fraudsters increasingly turn to technology as their main crime tool,” said Richard Horne, cybersecurity partner at PwC, in a statement.
“These figures show that an increasing number of UK financial services companies are taking cybersecurity seriously. Non-banking companies are sharply increasing their spend and banks, which have invested heavily for years in cyber-defenses, are continuing their level of spend. This demonstrates that even companies with mature cyber security capability need to continue to invest, as the threat is so dynamic.”
That said, where the investment goes needs to be strategic rather than broadside. As the digital channel in financial services continues to evolve, cybersecurity has become a business risk, rather than simply a technical risk.
“Spending on cyber security needs to be carefully targeted – but also evaluated to ensure it's being spent where it can be most powerful,” Horne added. “Financial services companies are becoming more dependent on digital processes, and therefore more vulnerable to cyber-attack. In addition, the threat is incredibly dynamic, so defense strategies need to be constantly evaluated and refined.”
The report found that regulatory compliance remains the top driver of security spending for financial services respondents (44%), and that compliance is a higher priority than it is in other industries (the average was 30%). That’s not surprising given the fact that financial services is a highly regulated industry, but a security model centered on existing compliance standards will not adequately address today’s evolving security threats.
Other top priorities driving spending are business continuity and disaster recovery (40%); economic conditions (39%); company reputation (38%); internal policy compliance (38%); and business transformation (34%).
The banking industry is working on upping its preparedness, most visibly via exercises like Waking Shark II, which tested the UK banking sector’s response to a sustained and intensive cyber-attack. Waking Shark II was organized by the Securities Industry Business Continuity Management Group, which drew on extensive cyber expertise to design a scenario in which a cyber-attack caused disruption to wholesale markets and the financial infrastructure supporting those markets.
Horne said, “The recent Waking Shark 2 exercise in the city showed that the financial services industry and its regulators have made progress in beginning to pull together a coordinated response to the cyber threat. It also makes clear that all companies need a clear understanding of the cyber threats and the measures they need to take to be confident in their ability to manage the risk.”