Cyber security strategies to protect your organisation
Cyber security strategies in the financial services sector are increasingly under threat. Persistent attacks from cyber criminals, including a rising number of business email compromise (BEC) attacks, are wreaking havoc on the industry. Despite numerous reports and recommendations, these cyber security risks continue to escalate. Understanding why your cyber security strategy isn't as effective as it should be and taking proactive steps to build cyber resilience across your organisation is crucial in today's digitised world.
The true cost of cyber crime
The true cost of cyber crime is substantial. Forbes predicts that cyber crime costs will exceed $10.5 trillion per annum by 2025, a 250% increase within a decade. Regulatory fines are part of the cost equation, but the overall financial implications are much greater than initially anticipated. They encompass the time spent rectifying the breach, customer compensation, reputational damage, loss of business, reduced brand loyalty, and a decrease in share prices.
To change the status quo, firms must reassess their cyber security strategy. In an era of increased remote working and digital integration, companies must weigh the benefits of integrated apps and services against potential risks. If one service is compromised, it could expose other linked services and internal software.
Does the board understand your cyber risk?
Cyber has been in the top three triggers for Directors and Officers (D&O) derivative actions since 2017, but more and more we’re seeing D&O policies not covering liability for cyber-attacks. Perhaps this will hold your C-suite more to account when it comes to prioritising and resourcing cyber security.
Understanding your cyber risk
Cyber risks should be fully understood and prioritised at all levels. Cyber has been a key trigger for Directors and Officers (D&O) derivative actions since 2017, but increasingly, D&O policies do not cover liability for cyber-attacks. This might make your C-suite more accountable for prioritising and resourcing cyber security.
Furthermore, the financial services sector has seen a notable lack of cyber due diligence, particularly during mergers and acquisitions (M&A). Often, small businesses acquired during M&A have hidden cyber security weaknesses. These companies, with their less advanced security, are an attractive entry point for cyber criminals targeting large financial institutions.
Why are financial service organisations still so heavily targeted?
Financial service firms are a prime target for cyber crime due to the wealth they manage and the extensive customer data they store. Gartner has found that insider threat management is not a focus area for most organisations unless they are highly regulated, and predicts that by 2025 lack of talent or human failure will be responsible for over half of significant cyber incidents.
According to the Verizon 2023 Data Breach Investigations Report, 83% of breaches involved external actors, with 74% implicating the human element. The report analysed over 16,000 incidents, revealing that stolen credentials, phishing, and exploitation of vulnerabilities were the main access points for cyber attackers.
While financial service institutions allocate similar budget proportions for cyber security as other industries, that allocation does not adequately reflect the frequency and intensity with which they are targeted. To protect your organisation effectively, uncovering potential vulnerabilities and exposures is necessary, but this cannot be achieved without sufficient funding.
Building cyber resilience across your organisation
Cyber security must be managed as an enterprise risk. Gartner suggests that over 60% of organisations will embrace zero trust as a starting place for security by 2025, yet more than half will fail to realise the benefits. The focus should transition from simply detecting, protecting, and responding, to understanding the specific risks your business faces. Learning from past threats and better anticipating future attacks is a proactive approach to cyber security.
With the constant increase in cyber crime and its associated costs, organisations must focus on minimising human error – a key vulnerability in security strategy. Fostering a culture of cyber security awareness and incentivising the reporting of suspicious activity can contribute significantly to your organisation's safety.
Transformation secured in the right way
At 6point6, we have first-hand experience implementing these strategies and we're here to help you strengthen your cyber security framework.
Contact us for more information on cyber security you can depend on for your organisation.
Sources:
- https://www.gartner.com/doc/reprints?id=1-2D7XIUC3&ct=230413&st=sb
- https://www.verizon.com/business/resources/Tbb/reports/2023-data-breach-investigations-report-dbir.pdf
- https://www.forbes.com/sites/forbestechcouncil/2023/02/22/105-trillion-reasons-why-we-need-a-united-response-to-cyber-risk/?sh=5c3d26103b0c