How financial services can navigate the threat landscape

By Martin Borrett, Technical Director, IBM Security, UK&I

In recent years, financial institutions have been dealing with an increasingly volatile threat landscape. The sector’s accelerated digitalisation and the increased sophistication of artificial intelligence (AI) have significantly amplified the severity and complexity of attacks and data breaches. At the same time, geopolitical tensions have increased the rate of coordinated, politically motivated attacks on public and private organisations.

The scale of these security challenges is difficult to fully comprehend, but financial institutions possess the power and capabilities to counteract these threats effectively. Financial services can fortify their defences, secure operations and protect customer data by strategically increasing investment in incident response strategies and harnessing the power of AI and machine learning (ML).

The scale of the threat landscape 

According to IBM’s latest annual X-Force Threat Intelligence Index, last year financial services remained the second most targeted industry globally for the third consecutive year, accounting for 18.2% of all incidents worldwide, second only to manufacturing.

This issue is particularly alarming in Europe, which is not only the most targeted region for cyberattacks overall but also experienced the highest percentage of incidents in the finance and insurance industry, accounting for 37% of reported incidents worldwide last year.

The gravity of the situation is further underscored by the fact that the UK, a key player in the global financial sector, is the most targeted country in Europe, bearing the brunt of 27% of all attacks in the region.

The high prevalence of data breaches and cyberattacks in the sector can be attributed to two critical factors. Firstly, these organisations facilitate transactions worth billions every day and house millions of client records, creating a massive financial incentive for attackers. For example, while the global average cost of a data breach in 2023 was $4.45 million, the average losses for financial institutions were 28% higher, averaging $5.9 million per data breach. Beyond that, the average cost for breaches of 50 million records or more now tops $300 million.

Equally, as financial services institutions have digitised their operations, the number of potential entry points for attackers has dramatically escalated. According to IBM’s 2023 Cost of a Data Breach Report, while 48% of financial attacks start with malicious actors, human error accounts for 33%. Regarding attacks, phishing was the most common initial infection vector at 28%, followed closely by the use of valid accounts in 27% of cases. 

The high rate of attacks poses not only financial and reputational risks for organisations but also regulatory risks. The sector faces unique challenges regarding adequate data protection, including the need to incorporate global regulations into everyday banking practices. Firms are subject to client data privacy obligations under legislation such as GDPR and can face steep fines from authorities for failing to meet regulatory requirements.

How can the financial sector defend itself?

By adequately investing in their cybersecurity strategy, finance institutions can create a multi-pronged approach to security, helping to better identify, respond to and combat emerging threats and ensure compliance with legislation.

One key investment area in 2023 was security AI and automation. AI and automation have the power to reduce IT staff workloads and streamline data-intensive processes, lower total security costs and deliver faster identification of breaches. In response, companies exploring AI adoption should focus on securing the data sets and AI models, including the underlying training data, as well as securing the broader infrastructure surrounding the models.

Another critical investment area is Incident Response (IR) teams and testing. The benefits of having well-trained and tested IR staff are significant, with companies saving an average of £2 million compared to those that do not. Adopting a DevSecOps approach to security can enable firms to integrate protection at application, tool and platform levels for increased control. Success depends on comprehensive integration and regular testing as this can help identify existing cracks and, importantly, ensure organisations are prepared to respond to threats, resulting in better business outcomes. Stakeholders outside of IT should also be incorporated, and test lines of communication between technical teams and senior leadership should be established to ensure full coordination.

Next steps

Cybersecurity in the financial industry is not just about the up-front costs of a data breach. Instead, it is about creating reliable, repeatable and fast processes capable of addressing current threats, abiding by regulatory requirements and laying the groundwork for ongoing defence.
