Accenture surveyed 821 people from financial services firms (banking, insurance and capital markets), representing companies with annual revenues of $1 billion or more in 15 countries.

Despite the volume of cyberattacks doubling in 2017, financial services firms are getting better at stopping cyber-attacks, having defeated 81 per cent of breach attempts last year, up from two-thirds in 2016, according to a new research. However, the study also notes that firms must improve security procedures to beat increasingly sophisticated attacks powered by new technologies.

For the 2018 State of Cyber Resilience study, Accenture surveyed 4,600 enterprise security practitioners, including 821 from financial services (banking, insurance and capital markets), representing companies with annual revenues of $1 billion or more in 15 countries. The purpose of the study is to understand the extent to which companies prioritise security, the effectiveness of current security efforts and the adequacy of existing investments. 

It found that more than 80 per cent of executives at financial services firms were confident in their security protocols for all technologies and capabilities. At the same time, however, while more breach attempts were thwarted, over 40 per cent of breaches, on average, went undetected for more than a week, and another nine per cent went undetected for more than one month. 

This suggests that executives may be overconfident of their security capabilities – given that it is critical to identify a breach in days, if not hours, to contain the damage.

The world's wealth management industry is an obvious target for hackers seeking to blackmail organisations for money. In 2014, for example, 76 million client accounts at JP Morgan were hit, although the bank said no money was stolen. Fears about cyber-security can affect willingess of clients to embrace new technology in wealth management, as shown here, for example. 

Partnerships and technology
Although banks and insurers are increasingly dependent on alliances and business partnerships for growth – with many firms supporting these partnerships through open application programming interfaces – more than one third (37 per cent) of executives surveyed said they hold their partners to lower cybersecurity standards than they do their own business.

In addition, financial services firms are extending their current enterprise infrastructures to the network “edge” and drawing on connected devices – including internet-connected cameras, sensors and smartwatches – forcing security professionals to safeguard more devices that could be used as entry points through which criminals can lurk and observe, and then attack at will. 

Some 83 per cent of financial services executives surveyed said that new technologies – such as artificial intelligence (AI), machine and deep learning, and automation technologies – are essential to ensuring the security of their organisations. 

However, only two out of five financial services firms are currently investing in new technologies for cyber defense such as AI/machine learning and robotic process automation (43 per cent and 38 per cent respectively). 

In addition, just 18 per cent of executives surveyed said their firms have significantly increased (defined as at least doubling) their cybersecurity spending over the past three years, and only 30 per cent plan to do so in the next three years.

“Financial services firms are converging to a level of mastery when it comes to the security status quo, including their cyber resilience and response readiness,” said Chris Thompson, global security and resilience lead for financial services, Accenture Security. “But as business technology evolves, so too must cybersecurity. The new technologies that banks and insurers are embracing – including cloud, microservices, application programming interfaces, edge computing and blockchain – will create new security risks, especially as cyberattacks evolve in sophistication. Cyber risks are moving beyond traditional enterprise boundaries as financial services becomes rapidly digitised and as open banking and third-party data sharing change how business gets done. AI, machine learning and robotic process automation can provide a consistent way to monitor for and combat these threats, but only if firms are willing to invest in them.”