Protecting financial services organizations (FSOs) from evolving security threats is crucial in the post-pandemic landscape. Urgent action is required as attackers constantly seek new ways to exploit vulnerabilities arising from increased digitalization, cloud adoption, a complex geopolitical situation and hybrid working models.
In this scenario, understanding the cybersecurity trends and needs of particular markets and industries is extremely important to ensure that your business is well-equipped to deal with threats. As part of empowering our clients in the financial services sector to make informed decisions regarding their cybersecurity investments, the EY FSO team recently conducted in-depth interviews with 11 C-suite IT professionals from some of Finland’s leading FSOs that provide services in banking, insurance, and wealth and asset management areas.
During the interviews, security leaders shared their perspectives on cybersecurity adoption trends, organizational capabilities and the challenges encountered within their institutions. This revealed the state of cybersecurity adoption and maturity in these organizations, helping identify specific areas that needed enhanced support or greater focus to be cyber-resilient.
Here is a quick snapshot of a few interesting insights from the survey:
- Most organizations view an effective cyber management strategy and strong top-level management support as key factors for the successful implementation of a holistic cybersecurity program
- Nearly three-quarters of the respondents felt that their organizational focus on cybersecurity has increased and is adequately managed; however, still only a few considered it part of the boardroom agenda
- Over half of the respondents reported a more than 20% increase in internally reported cybersecurity risks over the last two years, despite existing cybersecurity assessment programs
- Nearly three-quarters (71%) of the respondents reported at least one security breach in the last five years
- Roadblocks to achieving full cyber resilience include transparency gaps in third-party vendor security measures, lack of board sponsorship, budgetary constraints and lack of skilled resources
- Less than one-third of the respondents were active promoters of their cybersecurity providers, while most highlighted multiple gaps in the services offered by their current vendor
- While all respondents conducted regular security audits and used standard risk assessment tools to evaluate their cybersecurity status, only 43% had clearly defined KPIs
- A majority of the respondents had implemented basic ICT vendor risk management practices covering contracting; however, only a few considered aspects around sensitive data access, monitoring access rights and single vendor dependence
- While half of the respondents had a robust disaster recovery plan, more than one-third only had a basic plan in place for their organization
- With financial services organizations having made progress in establishing security awareness programs, the next critical milestone is to embed cybersecurity into business processes
- Key drivers of cybersecurity adoption in Finnish FS organizations are adherence to regulatory requirements, data protection, security risks from third-party vendors and cloud security
The outcomes presented here give a generic, anonymous and aggregated view of the survey results, without specific references to the respondents.