September 17, 2019

The Lloyds Banking Group “Financial Institutions Sentiment Survey” finds that cybersecurity investment is now more of a priority for UK banks and financiers than before.

In last year’s survey cost cutting and improving customer satisfaction came ahead of cybersecurity in the corporate priorities of 100 influential executives from leading banks, insurance companies, asset managers, and other financial firms. This year it’s different.

Cybersecurity is moving up on the list of priorities

Computer Business Review reports on the new data, pointing out that still sat as first, second, and third priorities are Brexit, economic uncertainty, and new regulation respectively. But, importantly cybersecurity has moved from eighth on the list of technology investment priorities in the 2018 survey to fourth in this new, 2019, survey.

The respondents were asked how their companies would prioritise investments in a list of 10 technologies and use cases. 70% said they would be investing in information security/cybersecurity in the next 12 months. Only 6% said they “weren’t actively monitoring” the problem.

Running second on technology investment priorities was cloud technology with 60% potentially investing in the next 12 months. 49% said APIs were a likely investment in the next 12 months, followed by 38% citing data science, machine learning and artificial intelligence (AI).

Interestingly 27% of the survey’s participants saw investments in “RegTech,” or regulatory technology, as a priority for the next year, this lower figure despite GDPR’s ongoing demand for better data management and compliance.

The survey also revealed that 46% of the companies involved expect to grow overall fintech investment in the next year, with 51% continuing at current investment levels, and only 3% likely to reduce technology investment spend.

Robina Barker Bennett, Head of Financial Institutions at Lloyds Bank Commercial Banking, says:

“In 2019, firms are arguably more dependent than ever on technology. With this rapid advancement, the risks from cybercrime are increasing, placing extra pressure on financial institutions to change the way they operate.”

Five main types of cybercrime affect UK businesses

MSSPAlert recently reported on the National Cyber Security Centre’s (NCSC) findings of five types of cybercrime which are most affecting UK businesses today. These attack trends were apparent between October 2018 and April 2019.

Ahead of the list are attacks on Microsoft Office 365 patrons where cybercriminals deploy tools and scripts to attempt to guess user’s passwords. Ransomware attacks are common across all industries and size of organisation. Phishing attacks, via email, are the most common, but the exploitation of software vulnerabilities also occurs frequently, and the use of third-party IT providers or vendors can leave companies at risk too.

Systems and employees are the best defence

It’s worth noting another recent report put the best defence against phishing attacks on companies as individual employees, as 99% of email attacks rely on human interaction to be successful. Educating employees on security awareness and the type and features of phishing attacks helps to protect against this type of cybercrime.

To protect users of cloud software, like Office 365, strong and complex password deployment is key to thwart the tools and scripts used by cybercriminals.

And, vulnerabilities need to be checked for, and patched, with regular software updates and vulnerability scanning to close gaps in networks and systems.

Supply chain risk, occurring when vendor and partner systems are attacked risking your company’s own data are indeed increasing. In 2018 research by the Ponemon Institute found 61% of US organisations said one of their suppliers or partners had caused a breach.

Security awareness is vital

Security awareness plays a part in protecting against supply chain risk as well as most other types of cybercrime. For those considering increasing cybersecurity investment over the next 12 months, investing in cybersecurity awareness as well as systems and software is a prudent choice.

The Defence Works is already helping many organisations to protect against cybercrime. Try our free demo to find out how.

Share this: