The UK’s finance sector is struggling to keep cybercriminals at bay, new research by Keeper Security has revealed. The 2021 Cybersecurity Census Report found the average finance company in the UK suffered an average of 60 cyberattacks over the last year, with most (81%) IT leaders in the sector expecting this number to further increase over the next 12 months. Yet less than half (42%) believe they are well-prepared against these attacks.
The strain on IT teams throughout the pandemic is taking its toll when it comes to cybersecurity best practice. The majority (79%) of IT decision makers at financial companies have done at least one thing to compromise their company’s security over the past year. More than 2 in 5 (44%) have kept a cybersecurity attack affecting their business to themselves, with a similar figure re-using an existing password at work (39%) or using easily-guessable login credentials such as ‘password’ (38%). The consequences of bad habits are showing, as nearly two-thirds (63%) of IT decision makers admit the time taken to respond to a cyberattack has increased over the last 12 months, with a worrying 59% admitting they are not addressing the gaps in their online security.
“The UK’s finance sector is a lucrative target for cybercriminals given the wealth of data it possesses. The frequency, intensity and severity of attacks we’re seeing is cause for immediate action,” said Darren Guccione, CEO & co-founder, Keeper Security. “Senior IT decision makers within the industry have undoubtedly had it particularly hard since the pandemic started. But the finance sector needs to make cybersecurity a top priority. Otherwise, there is a real risk that even relatively unsophisticated cyberattacks will cause serious harm and cripple organisations. Ransomware-As-A-Service is fueling an exponential increase in these attacks.”
One solution to minimise the pressures felt by IT leaders is external scrutiny. An overwhelming 89% agreed that an independent, nationwide body would be an effective way to hold businesses accountable while reducing the level of cyberattacks aimed at the financial sector. What’s more, almost all (94%) agree that businesses should be legally required to have basic cybersecurity protections in place before being allowed to operate or trade.
Guccione concludes: “At least for now, the UK finance industry must do more to protect itself against cyberattacks. The reality is that there is no silver bullet in the fight against all cyberattacks. However, there is a lot that financial organisations can do to start addressing the issue quickly and efficiently. The simple act of protecting a company’s passwords, for example, can go a long way in preventing most of these attacks from succeeding. But the key here is to move at pace, otherwise organisations in the finance industry will continue to be an easy and lucrative target for cybercriminals.”