Financial firms improve cyber resilience – but still work to do

Financial firms improve cyber resilience - but still work to do

Financial services firms have made good progress in improving their cyber security defences, with the number of attacks successfully stopped on the rise, a new report has found.

Research by Accenture revealed these companies blocked four out of five cyber attacks (81 per cent) in 2017, up from two-thirds (66 per cent) the previous year. This was despite the number of attempted breaches doubling over the same period.

Chris Thompson, global security and resilience lead for financial services at Accenture Security, said: "Financial services firms are converging to a level of mastery when it comes to the security status quo, including their cyber resilience and response readiness."

However, the study warned there is still more work to be done in order to defend businesses against increasingly sophisticated attacks. In particular, time to detection is one area where there is significant room for improvement.

More than 40 per cent of breaches went undetected for more than a week, while almost one in ten (nine per cent) remained unnoticed for at least a month. Accenture noted that it is essential that breaches are identified and contained as soon as possible – within days or even hours, rather than weeks – so this suggests many enterprises are overconfident about their capabilities.

The report also found that while 83 per cent of executives surveyed agreed that new technologies will be critical in keeping their organisations secure, only two out of five firms are currently investing in them.

Mr Thompson said: "As business technology evolves, so too must cybersecurity. The new technologies that banks and insurers are embracing – including cloud, microservices, application programing interfaces, edge computing and blockchain – will create new security risks, especially as cyber attacks evolve in sophistication."

Financial services firms will need to be particularly aware of these emerging risks, as the industry is becoming increasingly digitised, while developments such as data sharing and open banking change the way in which these organisations do business.

"AI, machine learning and robotic process automation can provide a consistent way to monitor for and combat these threats, but only if firms are willing to invest in them," Mr Thompson continued.