In the last year, 66.2 percent of financial services institutions have faced at least one cyber-attack.
MetricStream has released a new global report revealing the current state of cyber-security within financial services. C-level information security professionals from over 60 banking and financial services firms of all sizes worldwide provided responses.
A lack of awareness among companies is evident as 33.8 percent of respondents were unsure how many cyber-attacks their organisation faced in the last year. Another 20 percent predicted there were more than 50 attacks on their organisations.
In 48.5 percent of cyber-attacks, employees (current and former) were the most compromised party. This suggests that employees are not as aware of security procedures as they should be, making them a target for hackers more often than customers (22.1 percent) and partners (11.8 percent).
Only 17 percent of businesses report cyber-security issues to senior leadership and 51.5 percent said their board of directors does not have a high level of involvement in cyber-security programmes.
Only 11.4 percent of organisations are sharing cyber-security information with others in the industry, revealing a lack of collaboration that is impacting the rate of cyber-threat education.
Despite its ability to link traditionally individual departments and provide a holistic view of the cyber-risk facing the firm, only 38 percent of companies use GRC technology as a tool in their cyber-security programmes.
“There is still some way to go before the financial services industry can feel confident against cyber-attacks. The industry must understand that cyber-security is no longer simply the remit of IT. It is very much part of the business' overall risk structure and it requires the efforts of all employees to ensure that data is being used in a way that doesn't add risk,” said French Caldwell, chief evangelist at MetricStream.
“Data regulations have strong guidelines regarding how information on customers and partners should be handled, yet employee data isn't always considered in the same bracket. Employees should not have to worry about the security of their data, and both the industry and regulators need to change their approach to ensure they are as protected as customers,” Caldwell concluded.