The rapid pace of digital transformation brought about by the COVID-19 pandemic has left glaring gaps in the financial services sector’s cybersecurity measures, putting many businesses at heightened risk of ransomware attacks – an issue that could take at least two years to close, a new study has revealed.
Global data management giant Veritas Technologies surveyed 2,050 information technology executives from 19 countries, including 245 respondents from the financial services sector, and found that companies in the industry were struggling to keep pace in terms of cyber protection compared to those from other sectors.
Nearly half (48%) of financial sector respondents, which included insurance companies, admitted that the data security measures they were implementing were falling behind their digital transformation deployments. This figure is higher than the overall average of 39%.
“The financial services sector has undergone a huge digital acceleration in the last 18 months, but the pace of security rollouts to protect this innovation has lagged behind,” said David Wallace, director of UK enterprise sales at Veritas. “As a result, there will be increased threats to vital data, especially from ransomware.”
“Newly created backdoors will remain open to criminals until companies within the financial services sector are able to catch up, which our data shows is expected to take two years,” he continued.
The report added that for organisations to speed up the process and address what the tech giant called “vulnerability lag” within the next 12 months, they would need to spend an additional $2.61 million and hire 29 new IT staff.
The extra spending is 5% more than the average required across all industries, something that the research said might be “disappointing news” for IT leaders in the sector, given that financial organisations invested 19% more than their peers on IT initiatives last year.
The study also found that 43% of businesses in the sector said they lacked enough funds to close all their cybersecurity gaps. That figure is significantly higher than the 28% of energy companies and 25% of public sector organisations that said the same.
“[Financial] organisations were especially stretched by the challenges of COVID-19, as more services moved online and new products were introduced at speed,” Wallace said. “And while, of course, they were right to prioritise continuity for customers and empowering the shift to remote working, the time has now come to redress the balance between rapid innovation and security.”
According to the survey, 82% of financial sector respondents have implemented new cloud capabilities beyond their original plans because of the pandemic. However, the report said that these cloud environments were most at risk from cyberattacks as more than half (54%) of businesses admitted that they have gaps in their cloud protection strategies – a figure higher than those in other sectors.
Three in five IT leaders in the financial services industry also said that cybersecurity risks have risen due to their pandemic-induced digital transformation initiatives, with 44% specifying that the risk of ransomware attacks had increased.
The research showed that businesses in the sector have already felt the impact of this vulnerability lag, with 89% of companies saying that they have experienced downtime in the last 12 months due to various cybersecurity issues. During the period, financial services organisations encountered an average of 3.22 ransomware attacks, which was nearly a third (32%) higher than the average across all sectors.
“While the pressures that COVID-led digital transformation put on IT departments weren’t unique to the financial services sector, its position as a highly-attractive target to hackers may have meant that the industry has felt them more acutely,” Wallace said. “With hackers beating at the door, and limited resources to push them back, it can feel like the IT team is between a rock and a hard place.”
But Wallace added that “canny IT leaders” were finding ways to protect their businesses.
“Partnering with data protection providers that can minimise the admin burden of data protection through simplified tools that lever AI and machine learning,” he said. “Taking this approach can help financial organisations to accelerate their security rollouts and stop their protection infrastructure lagging behind their digital transformation.”