Cyber-security now the top concern for financial services

Cyber-security ranks as the number one concern for nearly half of financial institutions in the US, according to a recently published survey.

According to the Depository Trust & Clearing Corporation (DTCC), 46 percent of respondents to its most recent study ranked cyber-security as of more concern than geopolitical risk and the impact of new regulations.

The findings were contained in the DTCC report, Systemic Risk Barometer Study, completed in the first quarter of 2015 with responses from 250 financial market participants including DTCC clients and other key stakeholders.  

The 46 percent response rating for cyber-security is a record for the DTCC surveys, almost double the 24 percent response just one year ago.

Meanwhile, even for those who didn't put it first, cyber-security was still ranked in the top five risks overall by 80 percent of respondents as concern grows over the frequency and sophistication of attacks.

For financial institutions, cyber-security ranked alongside other risks such as geopolitics, local market policies, the impact of new regulations and the global economic slowdown.

 “Cyber-security threats continue to grow each and every day, as attackers become more sophisticated,” stated Mark Clancy, managing director, CISO technology risk management, DTCC and CEO, Soltra. “With cyber-security identified as the industry's top risk, it is critical that we develop and implement solutions that enable the timely sharing of data to prevent incidents as well as to promote faster incident detection and response.”

Continuing a trend from previous reports, 73 percent of respondents have increased resources to identify, monitor and mitigate systemic risk.

Mike Leibrock, managing director and chief systemic risk officer, DTCC, said, “The industry remains committed to continuing to identify and respond to all types of risk that could create firm-level or systemic incidents. Market participants are not only concerned with the reputational damage that could be caused to their organisations, but also the reputational impact to the industry as a whole.”

Jason Steer, chief security strategist EMEA, FireEye, said the gap between criminals and business defences is large and will always favour the bad guys, but across industry as a whole, the financial sector has been a leader in understanding cyber-risk and investing in security.

 “Financial institutions are at the vanguard of risk assessment practices, and that is reflected in this study, but they will always struggle to measure the optimal level of investment beyond just compliance,” he said.

“The solution should be to transfer more authority to the CIO; cyber security is no longer a problem contained within the IT department. An enterprise that understands the risks from every desk will be able to respond to a serious threat in the right way without hesitation. 

"The CIO needs governance across the entire business – for example to shut down mission critical systems immediately when responding to a potentially high impact breach, despite the impact on customers and financial losses incurred. Any internal resistance he or she faces could cost the company dearly if their ability to act promptly is blocked.”