In the rush to digitally transform their organisations to meet the challenges of the coronavirus pandemic, financial services organisations have left themselves open to an increased risk of ransomware and other data loss incidents. The heightened threat to the sector is set to continue for another two years as organisations struggle to close the gap between the new technologies they have introduced to deal with the crisis, and the security measures required to protect them. These are the findings of new research from Veritas Technologies, the global leader in enterprise data protection.
The Veritas Vulnerability Lag Report, surveyed 2,050 IT executives from 19 countries, including 245 respondents from the financial services sector. It discovered that companies in the financial services space were more likely to be struggling to keep pace with their security than those from most other sectors, with nearly half (48%) stating that their data security was lagging behind their digital transformation deployments. The average across all industries was 39%.
Financial services organisations that want to speed things up and eliminate their vulnerability lag within 12 months would need to spend, on average, an additional $2.61m and hire 29 new members of IT staff. $2.61m is 5% more than the average required across all sectors, which may be disappointing news for IT leaders in the sector, given that they already typically spent 19% more than their peers on IT initiatives last year.
Financial services companies were also less likely to have the funds required to take action everywhere that their security was lagging. 43% of respondents in the financial sector said that they lacked the funds to close all of their gaps, compared to 28% of energy companies and just 25% in the public sector.
David Wallace, Director of UK Enterprise Sales at Veritas, said: “The financial services sector has undergone a huge digital acceleration in the last 18 months, but the pace of security rollouts to protect this innovation has lagged behind. As a result, there will be increased threats to vital data, especially from ransomware. Newly created backdoors will remain open to criminals, until companies within the financial services sector are able to catch up, which our data shows is expected to take two years. These organisations were especially stretched by the challenges of COVID, as more services moved online and new products were introduced at speed. And while, of course, they were right to prioritise continuity for customers and empowering the shift to remote working, the time has now come to redress the balance between rapid innovation and security.”
Expansion of cloud increases the risk of ransomware
82% of financial services respondents have implemented new cloud capabilities or expanded elements of their cloud infrastructure beyond their original plans because of the pandemic. It is these cloud environments that are most at risk while this vulnerability lag persists. With organisations having introduced an average of six new cloud services in the last twelve months alone, 54% of respondents said that they had gaps in their cloud protection strategy – more than any other area.
Responding to the global survey, three in five IT leaders at financial services organisations said that security risks have risen due to COVID-led digital transformation initiatives, with 44% specifying that the risk of ransomware attacks in particular had increased.
Business operations have already suffered due to the vulnerability. 89% of financial services stated that their organisation had experienced downtime in the last 12 months, not least because, on average, financial services were the victims of 3.22 ransomware attacks which caused disruption and downtime to their businesses – this is nearly a third (32%) higher than the average across all sectors.
Wallace said: “While the pressures that COVID-led digital transformation put on IT departments weren’t unique to the financial services sector, its position as a highly-attractive target to hackers may have meant that the industry has felt them more acutely. With hackers beating at the door, and limited resources to push them back, it can feel like the IT team is between a rock and a hard place. But canny IT leaders are finding a third way: partnering with data protection providers that can minimise the admin burden of data protection through simplified tools that lever AI and machine learning. Taking this approach can help financial organisations to accelerate their security rollouts and stop their protection infrastructure lagging behind their digital transformation.”
Please visit our website to read the full Veritas Vulnerability Lag Report: https://www.veritas.com/form/whitepaper/vulnerability-lag.