Dive Brief:
-
Cyberattacks hit financial services firms 300 times more than other companies, according to a report from Boston Consulting Group (BCG).
-
Even with persistent threats, financial firms fail to prepare and respond to attacks, according to BCG. Company leadership does not emphasize cybersecurity or work to weave it into corporate culture.
-
Few organizations prepare employees and partners on how to respond in the event of a security incident, according to BCG. Instead, prevention is a priority.
Dive Insight:
Malicious actors have different motives when perpetrating a cyberattack, but in the case of cybercriminals, their agenda is financial gain, according to a 2018 report from the RAND Corporation.
Financial institutions have troves of sensitive data, ripe for monetization if breached, including cryptocurrency portfolios. Much like other attacks methods, attacks work to compromise account credentials through phishing, according to RAND.
If an employee reused account credentials, like passwords, attackers have all they need to wreak havoc.
Compared to other industries, financial services actually fare pretty well in cybersecurity. SecurityScorecard ranks financial services as a top performer in overall cybersecurity.
The sector, along with insurance and consumer products, is known for hoarding security talent. The rosters are more robust because banks have advanced security programs, according to said Sam Olyaei, director analyst of Gartner.
There is always another security investment to make, another attack to deter. Security teams have to prove their value to corporate leadership and show ROI to help create a security culture.
