Cyber Security Report 2020
SIX have released an in-depth look into the state of cybersecurity in the financial services industry, focusing on emerging threats and what the industry can do to combat them.
Cybercrime is considered one of the most important operational risks in the financial industry. When it comes to cyber security, there must not be any distinction between large and small or bank and insurance.
The financial sector is an attractive target for cyberactors, given the potential access to financial assets and highly sensitive client data. Due to these factors, the financial sector is targeted by many types of cyberactors, from hacktivists with little capabilities, to opportunistic attackers leveraging malware bought in underground forums, to highly sophisticated state-sponsored actors. At the same time, the attack surface of financial institutions continuously increases, due to a larger need for digitisation and demand for online services. These developments, which were observed in previous years, were further accelerated and exacerbated by the onset of the COVID-19 pandemic. Within weeks, organisations shifted to remote working and customers relied more than ever on online banking applications, creating new targets for malicious cyberactors.
Detailed Results: United Kingdom
London is a financial hub in Europe, with the largest European stock exchange, the largest bank in Europe (HSBC Holdings), and three UK banks out of Europe’s top ten largest banks. The financial sector of the UK is regulated by the Prudential Regulation Authority (PRA) and in terms of cyber security the UK is ranked in first place internationally by ITU, due in large part to strong performance in the ITU’s organisational and regulatory pillars. According to a recent survey by the UK government, the financial sector identified cyber security as a very high priority. Additionally, the lowest ratio of cyber incidents to breaches was recorded in the UK, potentially indicating a high capability in mitigating attacks. However, the highest recorded total loss by one organisation was recorded by a UK financial services firm, which amounted to EUR 94 million.