Nearly 80 percent of financial institutions are seeing increased cyber-security threat levels and are planning to increase security spending as a result, according to a new study carried out by professional services firm Ernst & Young.
The study, based on a survey of 250 professionals in the finance industry, underscores a growing awareness of IT threats to financial organisations, and complements recent figures that show security has also become a top factor for consumers in choosing a bank.
The study also found relatively low levels of awareness of key legislation including the EU Network Information Security Directive and the EU General Data Protection Regulation, Ernst & Young said.
“Our recent survey indicates that whilst the finance community are becoming more aware of the impacts of cybersecurity across their business, their awareness of the full range of legislative and governance instruments remains an area that has scope for significant improvement,” stated Mark Brown, executive director of EY Cybersecurity & Resilience.
Nearly half, or 45 percent, of those surveyed said their organisation had experienced from 1 to 10 cyber-security incidents within the past 12 months, while 79 percent said they planned to increase security spending due to an increased level of threat.
Another 38 percent said the company had been affected by no threats they were aware of, and only 21 percent said the threat level was perceived to be the same or reduced.
When asked where security issues originated, 28 percent saw external hackers as the biggest source of problems, but 23 percent focused on vulnerabilities in technical systems and another 21 percent thought their own employees were the main risk.
Ernst & Young found financial organisations had surprisingly little awareness of some key EU data-related regulations – only seven percent had heard of the EU Network Information Security Directive, which is to introduce mandatory breach disclosure for specific sectors, and 19 percent knew of the EU General Data Protection Regulation, which is expected to introduce significant penalties for data loss.
“More news headlines will be triggered by companies being forced to openly disclose to their customers that they have suffered a cyber breach, causing potential loss of trading revenues through brand and reputational damage,” Ernst & Young said in the study.
A recent study found that financial services firms can take up to 98 days to identify IT threats.
Are you a security pro? Try our quiz!
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…
Most people in the United States view TikTok as a Chinese influence tool a poll…
UK regulator confirms it is investigating whether OnlyFans is doing enough to prevent children accessing…
Dismissed staff file complaint with a US labor board, and allege Google unlawfully terminated their…
Elon Musk dismisses two senior Tesla executives, plus the entire division that runs Tesla's Supercharger…