According to governance, risk and compliance company MetricStream, the financial services industry is not paying enough attention to the issue of cyber attacks.
Following a survey of C-level security professionals at more than 60 banking and financial services firms around the world, MetricStream found that 66.2% experienced at least one cyber attack over the past year while only 33.8% of respondents were aware of the attacks.
Their report found that it’s really not a question of whether a cyber attack will occur, but rather when. Only 17% of the businesses surveyed make it a policy to report security issues to senior leadership, a troubling figure given the potentially catastrophic costs of a security breach.
What is crystal clear is that cyber security is not just an issue for IT. It is an issue that figures prominently in a company’s overall risk profile, and senior management must be involved in policy-making and monitoring. In most cyber attacks, employees rather than customers were more often the compromised party (48.5% of the time), suggesting that businesses would be wise to keep their employees aware of breaches. In any case, it is clear that the industry and regulators need to take more proactive steps to ensure that employees, clients and companies themselves are better protected against the threat of cyber attack.
For more information, please read:
Financial service industry risking cyber security | The Actuary