There is a prevailing notion across much of the cyber-security space that hackers have the upper hand and things are getting worse. When it comes to financial services, however, that's not necessarily the case, as cyber-security is actually improving, according to Accenture.
Accenture released its 2018 State of Cyber Resilience for Financial Services study on Sept. 17, reporting that banks and insurance companies were able to stop 81 percent of all cyber-attack breach attempts in 2018, up from 66 percent in 2017. The improvement in cyber-resilience for financial services firms was not a surprise result for Accenture either.
"We weren’t surprised," Chris Thompson, global security and resilience lead for financial services at Accenture Security, told eWEEK. "Financial services firms have been upping the ante the last several years when it comes to security, and they are approaching a level of mastery thwarting more common security threats."
The report is based on a survey of more than 800 enterprise IT security professionals. Thompson said the survey respondents were from large financial services organizations across 15 countries with annual revenues of $1 billion or more. As such, he said they provide a good representation of the industry at large globally.
Among the other high-level findings in the report was that 83 percent of respondents said new technologies are essential to keeping their organizations secure. The study also found that 69 percent of cyber-attacks against financial services organizations were detected internally by employees.
Looking at time to detection, Accenture found that 47 percent of breaches were detected in one to seven days, with 11 percent of breaches detected in less than a day. Thirty-three percent of breaches were detected in one to four weeks, while 9 percent were detected in more than one month.
There are multiple reasons why financial services firms have been able to improve their cyber-security posture over the last year. That said, Thompson noted that it’s difficult to pinpoint which technologies are having the greatest impact, as every organization is different.
"But as a whole, emerging technologies like AI [artificial intelligence], IoT [internet of things], blockchain, machine learning and security intelligence platforms are essential to securing the organization’s future and driving the next round of cyber-resilience," he said. "More financial services firms should be investing in them."
The cyber-security threat landscape is constantly evolving, and hackers are embracing emerging technologies to carry out new attacks, which is why Thompson emphasizes that financial services firms need to stay ahead of the curve through new investments.
Beyond making new investments, Thompson recommends that organizations be committed to holding their business partners to higher security standards. He added that more than a third of financial services firms are currently holding their business partners to lower standards than their own organization and are putting themselves at risk because of it. To help further improve against attacks, Thompson also suggests that financial services firms need to be committed to protecting themselves from malicious insiders.
"We continue to see more hybrid attacks against financial services firms," Thompson said. "These are external attacks that are fueled by some type of insider information or knowledge."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.