The Actuary The magazine of the Institute & Faculty of Actuaries

Financial service industry risking cyber security

Financial service institutions are unaware of, or under-reporting, the frequency of cyber attacks, according to a report by governance, risk and compliance company MetricStream.

Data security concerns ©Shutterstock

A survey of C-level security professionals at over 60 banking and financial service firms globally found that 66.2% of institutions had at least one cyber attack in the last year, with only 33.8% of respondents aware of this.

In addition, only 17% of businesses report cyber security issues to senior leadership, with 51.5% of respondents to the survey saying their board directors did not have a high level of involvement with the issue.

The report states: “These days, it is not a question of ‘if’ but ‘when’ a financial institution will be breached.

“The cost of a cyber attack can be catastrophic, resulting in regulatory penalties, eroded share prices, loss in customer confidence, reputational damage, and even a shutdown of the business.”

This lack of cyber security discussion with senior leadership suggests it is not factored into the risk management strategy of an organisation, according to the report, despite the effect it can have on overall strategy continuity.

MetricStream chief evangelist, French Caldwell, said: “The industry must understand that cyber security is no longer simply the remit of IT.

“It is very much part of the business’ overall risk structure and it requires the efforts of all employees to ensure that data is being used in a way that doesn’t add risk.”

In nearly half (48.5%) of cyber attacks, employees were the most compromised party, compared to customers and partners who were targeted by hackers 22.1% and 11.8% of the time respectively.

“While it’s unsurprising that businesses don’t always want to disclose if they have been targeted, employees are more likely to take precautions when using data if they are aware of just how frequently cyber attacks take place,” Caldwell added.

“Employees should not have to worry about the security of their data, and both the industry and regulators need to change their approach to ensure they are as protected as customers.”