Top 5 Stories


Financial Services Firms Plan to Increase Cybersecurity Spending

16 April 2014

Heartbleed, Zeus, insider threats and more: the financial services sector is under constant attack as cybercriminals look to lift user data and siphon off funds from accounts. The good news is that almost two-fifths (38%) of financial services firms in a recent survey plan to boost spending to combat cyber-crime over the next 12 months.

According to the latest CBI/PwC survey, the biggest increase in spending will be seen in sectors that reported low growth six months ago, including investment management, which plans to increase spending by 76%.

"Cyber-crime is a major threat to the UK's financial services sector, as fraudsters increasingly turn to technology as their main crime tool,” said Richard Horne, cybersecurity partner at PwC, in a statement.
“These figures show that an increasing number of UK financial services companies are taking cybersecurity seriously. Non-banking companies are sharply increasing their spend and banks, which have invested heavily for years in cyber-defenses, are continuing their level of spend. This demonstrates that even companies with mature cyber security capability need to continue to invest, as the threat is so dynamic.”

That said, where the investment goes needs to be strategic rather than broadside. As the digital channel in financial services continues to evolve, cybersecurity has become a business risk, rather than simply a technical risk.

"Spending on cyber security needs to carefully targeted – but also evaluated to ensure it's being spent where it can be most powerful,” Horne added. “Financial services companies are becoming more dependent on digital processes, and therefore more vulnerable to cyber-attack. In addition the threat is incredibly dynamic, so defense strategies need to be constantly evaluated and refined."

The report found that regulatory compliance remains the top driver of security spending for financial services respondents (44%), and that compliance is a higher priority than it is in other industries (the average was 30%). That’s not surprising given the fact that financial services is a highly regulated industry, but a security model centered on existing compliance standards will not adequately address today’s evolving security threats.

Other top priorities driving spending are business continuity and disaster recovery (40%); economic conditions (39%); company reputation (38%); internal policy compliance (38%); and business transformation (34%).

The banking industry is working on upping its preparedness, most visibly via exercises like Waking Shark II, which tested the UK banking sector’s response to a sustained and intensive cyber-attack. Waking Shark II was organized by the Securities Industry Business Continuity Management Group which drew on extensive cyber expertise to design a scenario in which a cyber-attack caused disruption to wholesale markets and the financial infrastructure supporting those markets.

Horne said that "The recent Waking Shark 2 exercise in the city showed that the financial services industry and its regulators have made progress in beginning to pull together a coordinated response to the cyber threat. It also makes clear that all companies need a clear understanding of the cyber threats and the measures they need to take to be confident in their ability to manage the risk. 

This article is featured in:
Business Continuity and Disaster Recovery  •  Compliance and Policy  •  Industry News


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×