Financial services respondents report that the number of detected incidents has remained comparatively flat since 2013, hovering between 4,600 and 4,900 annually. In 2016, business email compromise and ransomware are growing risks, and phishing is the top vector of compromise.
While detected incidents have stalled in the past four years, security spending has soared 67% since 2013. This year, security investments increased 11% over the year before.
This year, 41% of financial services respondents ranked assessment of security protocols and standards of third-party vendors as the top challenge to information security efforts. To address this issue, 41% said they will boost spending on monitoring and testing of third-party partner security.
Other key challenges include increasingly complex technologies, rising threats from foreign nation-states and the need for clear regulatory guidance.
Financial services firms are putting more sensitive workloads and data in the cloud. While 60% say they run IT services in the cloud, almost half (48%) entrust finance functions to cloud providers. Other business areas that run in the cloud include marketing and sales, customer service and operations.
At the same time, many firms are embracing cloud-based managed security services to help integrate, manage and improve cybersecurity and privacy. This year, 60% of financial firms use managed security services for solutions like authentication and real-time monitoring and analytics.
Adoption of open-source software is proliferating across industries. So it wasn't entirely surprising to find that nearly half (48%) of financial services firms take advantage of open-source software to develop IT services and enhance infrastructure scalability. It was a bit eye-opening, however, to find that 45% of those who use open-source technologies said it has improved their cybersecurity posture.
It's no wonder, then, that 39% of financial services firms said they plan to invest in open-source software solutions over the next 12 months.
“This year, financial services firms continue to invest in this important area, as they face not only increasingly sophisticated threat actors but also more intense scrutiny from industry regulators and global changes in cybersecurity and privacy legislation. One of the top focus areas we’re seeing is the need to proactively monitor the cybersecurity standards and capabilities of third-party vendors.”
As it moves toward the core of digital businesses, the Internet of Things (IoT) will drive the need for more effective data privacy governance.
Financial services businesses plan to update cybersecurity and privacy safeguards to address risks associated with the Internet of Things. In fact, 42% of respondents said they are investing in security for the Internet of Things this year. Top priorities include new policies and technologies to safeguard against consumer privacy violations and updated data governance policies.