No Compromise for UK Financial Services
Foreword
The financial services sector is in the midst of
a perfect storm, with shifting market trends
disrupting the industry to its very core.
Rampant globalisation, hyper connectivity,
heightened customer expectation, evolving
work practices, regulatory pressures and an
increasing reliance on diverse
stakeholder ecosystems are all having
significant impact on the companies operating
in this sector. These issues are also leading to an
exponential rise in the challenges surrounding
the protection of data. These are challenges the
sector must overcome.
In a recent study conducted by Ponemon, 31
percent of consumers impacted by a breach
stated they had discontinued their relationship
with the affected organisation, and 65 percent
admitted they had lost trust in the business
altogether. With new entrants disrupting
the financial services market, with no legacy
systems, they are able to provide robust,
secure and agile platforms built for the market
demands expectations and threats. Established
players must maintain trust, whilst guarding
against an increasingly complex cyberthreat
landscape.
In 2017, Russia’s Sberbank and the National
Bank of Ukraine both fell victim to the
WannaCry and Petya ransomware attacks, while
Tesco Bank suffered a high profile breach in
which £2.5 million was taken from customer
accounts in November 2016. And these are just
the attacks that made headlines. A study from
Accenture suggests a typical financial services
organisation will face an average of 85 targeted
breach attempts every year.
One of the main reasons such attacks are
successful is the often outdated techniques
and approach deployed to data security and
operations wrapped to support this. Too often
this is the result of compromises having to
be made between agility and security – at a
strategic level but also every single day by those
on the front line defending against the threats.
The digitisation agenda demands speed and
usability, with an intuitive, seamless experience
for customers used to a diet of one-touch
access and instant information. Yet financial
businesses, be they retail banks, brokerages,
payments providers or insurance companies,
must marry such evolution with stringent
regulatory compliance and legacy systems.
Businesses have often been quick to invest in
the latest front-end digital platforms, without
considering the security ramifications, involving
the security team from the on-set, or devoting
the same attention to delivering up-to-date
protocols and procedures. As cyberthreats
evolve, so must the approach to defence.
To understand the scale of the issue, and
where IT security professionals who work in
the financial services industry believe change
is required, we questioned 201 based in the UK,
exploring their thoughts on current security
practices within their organisation and where
they believe they are fighting an uphill battle.
This guide outlines the scale of the job ahead,
identifies where common challenges currently
lie, and importantly, what the sector must do to
develop a fit-for-purpose approach to security
which limits the impact of breaches and best
protects customers.
Ian Jenkins, Head of Network
and Security, UK, VMware.
1
No Compromise for UK Financial Services
About this research
VMware commissioned research to explore the
cyberthreat challenges the financial services
sector faces, covering how prepared IT security
professionals feel and how confident they are in
their security infrastructure to balance the drive
to digitisation. On VMware’s behalf, independent
research house Opinion Matters questioned 201
UK based IT security professionals who work in
the financial services sector in organisations of
over 250 employees. The research was carried
out in October 2017.
The evolving threat landscape
and the digitisation agenda
As holders of significant amounts of data on
individuals and organisations, not to mention
being gatekeepers to the world’s finances,
the financial services sector is a prime target
for cyber criminals. Therefore, it comes as no
surprise to find that they are subject to frequent
cyberattacks, with 15 percent of security
professionals having to deal with attempts
weekly and eight percent daily.
Why is this happening? Only half of those
surveyed (49 percent) rated the current security
of the IT infrastructure of their organisation
as good with 14 percent stating it was only
adequate and five percent less than adequate.
This suggests security professionals are aware
that cybercriminals are evolving faster than the
security apparatus designed to stop them but
their hands are tied when it comes to making
the necessary changes to avert threats. At
a time when successful and even attempted
cyber-attacks have, according to 56 percent,
resulted in a loss of credibility or reputation and
54 percent caused inconvenience to suppliers
and customers, financial sector organisations
must make changes in order to prevent
devastating consequences to their bottom-line.
The challenges facing IT security professionals
keen to drive change are significant however
– a lack of skills (26 percent), budget and
resource (57 percent) and also understanding
among senior management (26 percent)
were highlighted as impacting how security
professionals rated their employers’ data
security. Even more worryingly, a quarter (25
percent) stated the impact of cybercrime was
actually treated as a cost of doing business.
Companies must consider the EU’s General
Data Protection Regulation (GDPR) coming
in to force in May 2018, which will apply to all
companies selling to and storing customer
or citizen personal data in Europe and other
continents. With 55 percent of respondents
stating both successful and attempted
cyberattacks have breached customer
confidentiality, such complacency could see
financial services organisations facing fines
of up to 20 million or 4 percent of annual
worldwide turnover. That would be on top of
any loss of revenue, reputational damage or
reallocation of resource resulting directly from
an attack.
15%
admit to suffering cyberattack
attempts weekly and eight
percent daily
2
Please complete the form to gain access to this content