Financial institutions face numerous challenges in safeguarding their assets from digital incursions.
• The financial sector is a prime target for cyber crooks, and 2021 was the worst year ever for cybercrime.
• During the past several years, cybercriminals have increasingly targeted the sector with ever more sophisticated and devious schemes.
• Phishing and other email-based attacks are among the biggest cyberthreats facing the industry.
• Defenses against these attacks are widespread throughout the sector, although they aren’t as extensive and far-reaching as they need to be.
Last year was the worst on record for cybercrime, and the finance sector was a prime target. Globally, financial institutions reported 2,527 cyberattacks, of which 690 resulted in confirmed data breaches. On average, each successful data breach in the sector cost $5.97 million, the most for any industry except healthcare.
Worse still, by 2024, banks are expected to lose $347 billion, insurers another $305 billion and capital markets an additional $47 billion — a total of nearly $700 billion, all as the result of data breaches and digital fraud.
The grim situation confronting financial institutions is closely examined in Mimecast’s new report on The State of Email Security in Finance. Based on a global survey of 1,400 information technology and cybersecurity professionals, including 156 (11%) from the finance sector, the report uncovers the cyber challenges the industry currently faces. For example, when asked about the likelihood that their institution would be harmed in 2022 by an email-borne attack, 80% of these CIOs, CISOs and other IT executives responded that it was likely, extremely likely, or simply “inevitable.”
An Industry with a Target on its Back
Cybercriminals choose their targets for maximum gain. It’s obvious why banks, brokers, and other finance institutions are among the criminal set’s preferred victims, given the extraordinarily valuable digital assets that they store. Moreover, the sector’s digital transformation efforts, including increased use of email and collaboration platforms, are creating new opportunities for cyber thieves to breach the defenses protecting the industry’s people, communications, and data.
Financial organizations routinely handle trillions of dollars in digital transactions and store an immense trove of enormously valuable data, ranging from corporate checking and credit card accounts to securities, deposits, wills, titles, and personal loans. At the same time, the complex regulatory environment and intricate supply chain in which these institutions operate, along with the accelerated shift to remote work and online transactions that took place during the COVID-19 pandemic, have created vulnerabilities and presented bad actors with numerous routes of attack.
The outcome has been predictable: During the past several years, cybercriminals have increasingly targeted the sector with ever more sophisticated and devious schemes. This is confirmed by the State of Email Security (SOES) study. When asked what they expected their organization’s greatest email security challenges to be in 2022, 60% of the financial sector respondents pointed to the increasing sophistication of the attacks that they face, while an identical percentage singled out the growing volume of attacks. In both cases, this was higher than in any other industry.
Among the key threats facing the industry, the SOES participants identified:
• An increase in email-based scams and malware-laden email (74%).
• A rising number of phishing attacks (60%, also more than any other industry).
• More frequent email spoofing attempts (52%).
• Pervasive and damaging ransomware attacks (72%).
Cyber Defenses — In Place But Limited
Given the extent of the risks that they face, financial institutions should be adamant about having a cyber resilience strategy in place and, per the SOES report, this is indeed the case — although the impact is not as far-reaching as one might hope.
Fully 97% of the SOES finance sector participants either already have, are in the process of implementing, or have plans to implement a strategy to achieve cyber resilience. Where the finance sector’s cybersecurity strategies and plans fall short, however, is in terms of the systems deployed to safeguard companies from an attack and the size of the budgets dedicated to this. For example, fewer than half (48%) of the financial institutions surveyed have deployed a system for monitoring and protecting against email-borne attacks.
As a result of these shortfalls, the financial sector is not as prepared to fend off a cyberattack as it should be. To wit, 44% of the SOES finance respondents reported that their institution had experienced business disruptions due to a lack of cyber preparedness, while 38% admitted that data had been stolen and 32% acknowledged that their organization had lost money for the same reason.
The Bottom Line
For the financial services sector, the danger of a data breach is immense, and the consequences could be devastating. But while the industry recognizes this, its preparations and defenses are simply not as robust as the threat landscape warrants.
For more on the cybersecurity challenges facing the financial services industry, please see Mimecast’s full report.
by Elliot Kass