Handling finance automatically makes an organisation a preferred target for cyber-criminals. According to a survey of 100 senior business decision-makers in the UK by data security company Clearswift, 70 percent of financial companies faced a cyber-security incident.
Almost half of the incidents reported over the past 12 months were caused by internal errors -- employees failing to follow security protocol or data protection policies.
Although the threat generally increased in proportion to the company’s human resource, it was the biggest in mid-sized financial companies (3,000 to 4,999 employees) with 52 percent of respondents citing employee failure to follow corporate data protection policies as their biggest issue.
Cyber-attacks have long been on the rise. A study of 5,400 organisations across seven countries by insurer Hiscox said 61 percent of them faced one or more attacks in the past year. Among the targets, the financial services industry remain the most lucrative one.
"The financial sector is the lynchpin of the UK’s economy and a vital part of our nation’s Critical National Infrastructure, so it is alarming to see such high numbers of security incidents within financial organisations," Clearswift CTO Guy Bunker said in the company announcement.
Malware and viruses through third-party devices were increasing, said the Clearswift survey. Kaspersky last month reported that mobile financial attacks it detected in the first half of the year were 3,730,378, up 107 percent compared to H1 2018. Among them, 438,709 unique users were attacked by mobile Trojan bankers.
"Mobile banking fraud is easy to miss for consumers as Trojans are well hidden inside other legitimate-seeming applications or attachments. Once inside the customer’s phone, they can roam free to steal banking information or account assets," said Lisa Baergen, director at NuData Security.
A common grievance among the UK FSI respondents was that of inadequate security budget, said the Clearswift survey.
"The numbers associated with security incidents are in stark contrast with further findings from the survey which revealed less than a quarter (23 percent) of respondents had an adequate level of budget allocated to cyber-security within the firm. Unsurprisingly, 73 percent of respondents would like to see some, if not significant, increase in their organisation’s cyber-security spending," said the company announcement.
The Hiscox report also points to this direction. According to the report, the UK had the lowest cyber-security budgets, with less than £900,000 on average compared with an average across the study group of £1.2 million.
ImmuniWeb last month published research that said 97 out of the 100 largest banks are vulnerable to web and mobile attacks enabling hackers to steal sensitive data. Being a large market where global FSI majors are established, the UK seems to have gained a significant share of troubles.