The financial sector experiences more cyberattacks than other verticals, and those incidents result in costlier outcomes
December 2023 by Netwrix
Netwrix revealed additional findings for the financial, banking and accounting sector from its survey of 1,610 IT and security professionals from more than 100 countries.
According to the report, within the last 12 months, 77% of financial organisations detected a cyberattack, compared to 68% among other industries. Phishing and ransomware were the most common types of attacks across all sectors.
“Financial organisations are highly targeted by cybercriminals for several reasons. First, these organisations store large volumes of valuable information, which adversaries are naturally eager to steal. Moreover, they manage access to funds, which means any operational disruption is highly problematic. Accordingly, ransomware gangs may believe that financial institutions are more likely to pay a hefty ransom than other potential victims,” says Dirk Schrader, VP of Security Research at Netwrix.
The financial sector also experiences more targeted attacks on its IT infrastructure than other sectors. Indeed, 39% of financial organisations reported targeted attacks on their cloud infrastructure and 26% suffered targeted attacks on their on-premises footprint, higher than the 30% and 19%, respectively, reported among organisations overall.
“Because finance is a high-risk and highly regulated sector, financial organisations tend to have a more mature IT team, better security controls and more vigilant employees. As a result, attackers must leverage targeted attacks with more sophisticated techniques to infiltrate their IT environments,” says Ilia Sotnikov, Security Strategist at Netwrix.
The financial sector also reports higher expenses as a result of cyberattacks than other industries. In fact, 24% of financial organisations estimated their damage from incidents to be at least $50,000, compared to just 16% among organisations overall. To mitigate this risk, 73% of respondents in the financial sector either have a cyber insurance policy or plan to acquire one within the next 12 months, compared to just 59% of organisations in other industries. However, given the sector’s risk profile, insurance companies impose stricter security requirements on financial organisations: 49% of them needed to improve identity and access management (IAM) and 48% had to comply with privileged access management (PAM) requirements, compared to 38% and 36%, respectively, in other sectors.