At a time when cyberattacks are growing both in number and destructive power, most IT leaders in the financial sector don’t think they’re up for the challenge, new research has found.
The 2021 cybersecurity census report from Keeper Security found that the average finance company in the UK suffered 60 cyberattacks in the past 12 months, while the vast majority of IT leaders (81%) expect this number to further increase in the next 12 months.
At the same time, just 42% of the respondents believe they are well-prepared against these attacks.
What’s surprising is that in many cases, it’s the behavior of the IT decision-makers themselves putting the companies at risk. Most of them (79%) have done at least one thing that compromised their company’s security in the past year, while almost half (44%) kept the information about an ongoing attack to themselves.
Making cybersecurity a top priority
Approximately the same percentage said they re-used an existing password at work, or used poor, easily guessable credentials, while 59% admitted they weren’t addressing known vulnerabilities.
At the same time, almost two-thirds (63%) admitted it takes progressively more time to remedy a cyberattack.
“The UK’s finance sector is a lucrative target for cybercriminals given the wealth of data it possesses. The frequency, intensity, and severity of attacks we’re seeing is cause for immediate action,” said Darren Guccione, CEO & co-founder, Keeper Security.
“Senior IT decision-makers within the industry have undoubtedly had it particularly hard since the pandemic started. But the finance sector needs to make cybersecurity a top priority. Otherwise, there is a real risk that even relatively unsophisticated cyberattacks will cause serious harm and cripple organizations. Ransomware-as-a-Service is fueling an exponential increase in these attacks.”
For Keeper Security, one of the ways to go about the problem is to deploy external scrutiny. Almost all (89%) of the respondents agreed that an independent, nationwide body would be an effective way to hold businesses accountable, while reducing the level of cyberattacks aimed at the financial sector.
At the same time, most (94%) agree that there should be a law requiring basic cybersecurity protections in the workplace.
“The UK finance industry must do more to protect itself against cyberattacks,” Guccione continues.
“The simple act of protecting a company’s passwords, for example, can go a long way in preventing most of these attacks from succeeding. But the key here is to move at pace.”