The financial services industry is calling for all employees to prioritise organisational security. IT decision-makers also indicate a greater desire for industry-wide regulation regarding cybersecurity preparedness.
The UK finance sector is on edge. Attracted to the lucrative results of a successful breach, cybercriminals are persistently electing to target businesses within the sector. The numbers speak for themselves; in the last year alone, UK finance organisations experienced, on average, 60 different cyberattacks – more than one per week.
Although the immediate consequences of a cyberattack are well documented, the long-term effects are even more alarming. A single data breach can cost an organisation valuable time and money and leave it reeling for months afterwards. The HSE, Ireland’s health service, is testament to this: almost half a year after a crippling attack, it has still only managed to restore 95% of all servers and devices, highlighting the long-lasting fallout of these incidents, which can cripple organisations for many months, if not years.
A large majority of businesses within the finance sector believe that the situation will only deteriorate within the next 12 months. Unfortunately, no company will ever be entirely safe. However, by putting the right measures in place now, UK finance organisations can at least mitigate the risk of being breached and prevent losing invaluable digital assets.
No threat, no problem?
It can often be difficult to discern where exactly the risk lies within a company’s cybersecurity defences. However, the threat is most certainly there, and many businesses are aware that they are underprepared for the next attack. In fact, according to Keeper’s 2021 UK Cybersecurity Census report, only 42% of IT decision-makers in the finance industry actually feel their company is very well prepared against cyberattacks, while just 22% feel that UK businesses in general are very well prepared.
Achieving a high level of preparedness can be a costly affair, and without a tangible threat on the horizon, business leaders are still reluctant to allocate a budget big enough to protect their organisations from complex, well-financed attacks. It is therefore crucial that IT decision-makers ensure they cover the basics and put simple, yet effective cybersecurity best practices in place that don’t need to cost the world.
One of the easiest ways a company can avoid the catastrophic consequences of a data breach is through formal education. By training employees – across all levels of the organisation – to manage their own security practices, businesses can prevent data breaches that affect the whole company. By handing responsibility over to each individual employee, IT decision-makers can also share the burden of protecting the business, making their job that little bit less stressful.
Business leaders also often overlook the power of their organisation’s first and most fundamental line of defence: its employees and their passwords. Password security issues account for more than 80% of all data breaches globally, so good password hygiene is crucial to ensuring that digital assets are kept safe from cybercriminals.
Businesses can facilitate better password hygiene within the organisation by introducing a centralised password management platform that keeps credentials safe from bad actors, without the need for lists of unmemorable passwords. These platforms encrypt login details to ensure that an organisation’s digital assets are kept safe, significantly reducing the risk of being exposed to a password-related data breach.
A call for regulation
In theory, it seems logical that every UK finance organisation should want to put the right measures in place to protect themselves against cyberthreats. However, many CIOs and CISOs argue that unless there exists a legal incentive to push business leaders to change, they won’t.
The majority of the UK’s IT decision-makers therefore agree that an official cybersecurity regulatory body would keep the finance sector safer from attacks by holding businesses accountable for their security policies. Many even believe that it should be a legal requirement for businesses to have basic cybersecurity protections in place before being allowed to operate or trade.
Regulation may also help to build a culture of transparency within the industry, which has become a prevalent issue, even among those designing IT policy. More than two in five IT decision-makers have kept a cybersecurity attack affecting their business to themselves, which is even more concerning given that four in five IT decision-makers have done at least one thing to compromise their own company’s security in the last 12 months.
The UK’s financial sector must look to improve if it hopes to deal with the onslaught of attacks set to ramp up in the coming years. A regulatory body may encourage companies to make important adjustments to their cybersecurity defences. However, the responsibility ultimately lies with business leaders to give UK IT decision-makers the freedom and resources they need to protect their organisations. By reacting now, businesses will be left in a better position to cope with modern cybersecurity pressures in the future.