Global State of Information Security Survey: Financial services

Information security incidents in financial services sector continue to rise

Cost of security compromises outpaces detected incidents
It will come as no surprise to most financial services executives that information security incidents are continuing to rise, as are the costs of these intrusions. Respondents report an 8% increase in detected security incidents in 2014, and financial losses associated with incidents jumped 24%. Despite these increases, information security budgets show very modest growth.

Support from the top
To be effective, the CEO and Board should “own” the responsibility for managing cyber resiliency. Doing so will demand that executives proactively communicate the importance of security across the enterprise.

Regulators tighten rules
Recent actions by industry regulators have signaled they may require proof that financial services firms have implemented a robust security program. These types of regulatory guidance and requirements will very likely intensify in the future --and many organizations are not prepared.

Rising third-party risks
Financial institutions are increasingly worried about their ability to combat threats that can arise from sharing networks and data with business partners, service providers, contractors, and suppliers. This year, 41% of respondents say they detected security incidents perpetrated by third parties with trusted access.

Inside jobs increase
The number of security incidents attributed to current and former employees increased substantially this year, even as the readiness of financial firms to manage these risks diminished. Almost half (44%) of respondents attribute security incidents to existing staff.

Technology is not enough
Many financial services firms over-emphasize technology solutions as the best bet to protect their networks and data. Effective security demands that technology solutions are deployed on top of a foundation of sound governance, operational processes, and people skills.

The Global State of Information Security® is a registered trademark of International Data Group, Inc.