CFOtech New Zealand - Technology news for CFOs & financial decision-makers
Story image
Financial sector tops list for cyber attacks – report
Thu, 28th Dec 2023

The Financial sector appears to be the most inviting target for cybercriminals, experiencing a substantially higher rate of cyber attacks as compared to other industries. According to a recent report from Netwrix, a Texas-based cybersecurity company, 77% of financial organisations identified a cyber attack on their infrastructure within the past 12 months. This is in comparison to a comparatively lower figure of 68% across other sectors.

Netwrix sourced its data from 1,610 IT and security professionals across more than 100 countries. The collected data indicated a clear pattern - financial domains were being specifically targeted due to their vast reserves of valuable information and direct access to funds, making them prime targets for cybercriminals. Remarkably, phishing and ransomware emerged as the most common types of attacks across all sectors.

Dirk Schrader, VP of Security Research at Netwrix, offered a perspective on the intensified threat financial organisations face. He stated, "Financial organizations are highly targeted by cybercriminals for several reasons. First, these organizations store large volumes of valuable information, which adversaries are naturally eager to steal. Moreover, they manage access to funds, which means any operational disruption is highly problematic. Accordingly, ransomware gangs may believe that financial institutions are more likely to pay a hefty ransom than other potential victims."

The reported data also highlighted the sophisticated nature of these attacks. 39% of financial organisations reported targeted attacks on their cloud infrastructure and 26% suffered targeted attacks on their on-premises footprint - figures that are notably higher than 30% (cloud) and 19% (on-premises) experienced by other organisations. Sharing his insights, Ilia Sotnikov, Security Strategist at Netwrix, noted: "Because finance is a high-risk and highly regulated sector, financial organizations tend to have a more mature IT team, better security controls and more vigilant employees. As a result, attackers must leverage targeted attacks with more sophisticated techniques to infiltrate their IT environments."

When it comes to financial fallout from cyberattacks, the financial sector again outpaced other industries. A significant 24% of financial organisations estimated that their damages from an attack rested at a minimum of $50,000, sharply contrasting the mere 16% amongst all other organisations. Given a higher risk of expensive consequences, 73% of financial organisations already hold or plan to procure a cyber insurance policy within the coming year, compared to just 59% of organisations in other sectors. However, due to their drawn-out risk profile, insurance companies demand stricter security constraints on financial organisations. Almost half of them had to augment their identity and access management, and comply with privileged access management requirements.

This trend underscores the ever-increasing need for bolstered cybersecurity measures across the financial sector. As the preferred targets for cyber attackers, financial organisations must deploy efficient countermeasures to protect their infrastructure robustly.