The UK’s financial services sector has come under a barrage of cyber-attacks since Russia’s invasion of Ukraine, but organizations are largely confident in their ability to mitigate these risks, according to a new study from Bridewell.
The cybersecurity services company polled over 100 IT decision makers from UK financial services firms to compile its latest report, Cyber Security in Critical National Infrastructure Organisations: Financial Services.
It found attacks on the sector have surged 81% since the invasion of Ukraine, the second-highest increase of any critical national infrastructure (CNI) sector and proof of the mounting cyber risk stemming from geopolitics.
In addition, 69% of respondents claimed they have experienced an increase in threats in the past year, with cloud services (46%), remote employees (39%) and insecure VPNs (37%) cited as the main vectors for attack.
Ransomware was named a top risk by a third (33%) of respondents – perhaps unsurprisingly given that a fifth of incidents reported to UK regulator the Financial Conduct Authority in 2021 were ransomware-related.
However, the report also found that 94% of financial services companies are confident in their cybersecurity posture.
This confidence appears to be well placed, at least by one measure. Organizations in the sector take 13 days to discover a breach, versus 51 days in the aviation vertical, Bridewell claimed.
Bridewell director of consulting, Emma Leith, argued that surging attack volumes mean financial services firms can’t afford to let their guard down. Although these firms saw the lowest rate of successful attacks of any sector studied, that rate still stood at 66%.
“The finance sector has made fantastic progress in evolving its cybersecurity posture, and its maturity and resilience in the face of mounting security challenges sets the standard for organizations across CNI,” she added.
“However, organizations must take further proactive steps to strengthen their security posture. They can achieve this by preparing and rehearsing cyber-scenarios and ensuring that a threat intelligence-led approach to security is firmly embedded in everything they do.”