Cyber resilience mastery may be within reach for financial firms but achieving it might not be easy.
First, the good news: Accenture’s 2018 State of Cyber Resilience report finds Financial Services businesses stopped 81 percent of attacks in 2018, compared with 66 percent in 2017. This means only 19 percent of cyber attacks succeeded this year.
On the other hand, cyber criminals are improving their attacks, deploying breakthrough technology to outsmart security—but financial firms are not responding in kind. In fact, from an overall budgeting standpoint, only 18 percent of financial firms responding to the Cyber Resilience report significantly increased their cyber security spend over the past three years, and only 30 percent expect to spend significantly on defense over the next three years.
Banking and Capital Markets: 2018 State of Cyber Resilience
Banking and capital markets leaders are confident about their cyber resilience. Eighty-one percent of leaders across all industries report "confidence" or "extreme confidence" in their ability to resume activity after a breach. Firms also believe they are ahead of the curve when it comes to cyber security. Our survey found them performing well in 19 out of 33 capabilities on average—such as stakeholder involvement, cyber security accountability and cooperation during crisis management.
That confidence is great—but is it premature? One in seven breach attempts against banks and capital markets firms still succeed, and 42 percent of attempts go undetected for at least a week.
Meanwhile, banking and wealth management activity is rapidly moving to the digital domain, creating the potential for new cyber security threats. Likewise, business decisions increasingly rely on data, bringing more gap potential. Can banks and capital markets firms keep pace in a fast-changing threats landscape?
One strategy is to invest in new technologies. But banks and wealth managers are lagging in their investments in robotics, Artificial intelligence (AI)/machine learning, Internet of Things and blockchain.
Insurers have seen cyber resilience successes similar to those reported by banking and capital markets firms. Successful breaches for insurers declined from 30 percent in 2017 to 22 percent this year. Between 2017 and 2018 the number of cyber capabilities mastered by insurers almost doubled, from 12 to 20 (there are 33 total capabilities), with cooperation during crisis management and leveraging peers to identify business threats among the insurers’ high performing skills.
Complicating the cyber resilience picture for insurers is the need to not only manage their own defenses, but help customers manage theirs. Many insurers now offer policies to customers, insuring them and helping them protect their digital assets.
Another challenge facing the industry is the growing intersection of fraud and cyber. Not long ago, fraudsters were dependent on other actors, like doctors or auto body shops. But with identity theft capabilities, criminals can pass themselves off as claims processers or agents. Insurance fraud now can be committed faster, at lower risk to cyber criminals.
Is your cyber strategy resilient enough?
Banks, capital markets and insurers have seen strong success—but cyber criminals are getting smarter all the time. If they aren’t building solid strategies backed with robust breakthrough technologies, financial businesses may be leaving a breach-able gap.
Contact us to learn how your firm can master cyber resilience sooner, rather than later.