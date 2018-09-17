Yet risks associated with emerging technologies, including machine
learning and artificial intelligence, are prevalent and challenge
existing security defenses
Despite the volume of cyberattacks doubling in 2017, financial services
firms are closing the gap on cyberattacks, having stopped four in five
of all breach attempts last year, up from two-thirds in 2016, according
to a new research study from Accenture (NYSE: ACN). However, the study
also notes that firms will need to improve their security procedures to
heed off increasingly sophisticated attacks powered by new technologies.
The study, “2018
State of Cyber Resilience for Financial Services,” is based on a
survey of more than 800 enterprise security practitioners at financial
services firms, as well as an investigation of focused cyberattacks
having the potential to both penetrate network defenses and cause damage
or extract high-value assets and processes from within organizations.
The study notes that financial services firms stopped 81 percent of
breach attempts during the timeframe of the most recent study, up from
66 percent during the timeframe for last year’s study. It’s not
surprising, then, that more than 80 percent of executives surveyed
expressed confidence in their security protocols across all technologies
and capabilities.
At the same time, however, while more breach attempts were thwarted,
over 40 percent of breaches, on average, went undetected for more than a
week, and another 9 percent went undetected for more than one month.
This suggests that executives may be overconfident in their security
capabilities – given that it’s critical to identify a breach in days, if
not hours, to contain the damage.
“Financial services firms are converging to a level of mastery when it
comes to the security status quo, including their cyber resilience and
response readiness,” said Chris Thompson, global security and resilience
lead for financial services, Accenture Security. “But as business
technology evolves, so too must cybersecurity. The new technologies that
banks and insurers are embracing – including cloud, microservices,
application programing interfaces, edge computing and blockchain – will
create new security risks, especially as cyberattacks evolve in
sophistication.”
Although banks and insurers are increasingly dependent on alliance and
business partnerships for growth – with many firms supporting these
partnerships through open application programming interfaces – more than
one third (37 percent) of executives surveyed said they hold their
partners to lower cybersecurity standards than they do their own
business. This leaves firms vulnerable to outside security risks. In
addition, financial services firms are also extending their current
enterprise infrastructures to the network “edge” and drawing on
connected devices – including internet-connected cameras, sensors and
smartwatches – forcing security professionals to safeguard more devices
that could be used as entry points through which criminals can lurk and
observe, and then attack at will.
Yet while sophisticated technologies could pose new security threats,
they could also improve cyber resilience, according to the research.
Eighty-three percent of financial services executives surveyed said that
new technologies – such as artificial intelligence (AI), machine and
deep learning, and automation technologies – are essential to ensuring
the security of their organizations. However, only two out of five
financial services firms are currently investing in new technologies for
cyber defense such as AI/machine learning and robotic process automation
(43 percent and 38 percent respectively). In addition, just 18 percent
of executives surveyed said their firms have significantly increased
(defined as at least doubling) their cybersecurity spending over the
past three years, and only 30 percent plan to do so in the next three
years.
The results also indicate that financial services firms’ employees – in
addition to the cybersecurity team – must be actively involved in
protecting their organizations. While the surveyed organizations’
cybersecurity teams identified two-thirds of all company breaches,
employees outside of those teams identified a majority (69 percent) of
the remaining breaches not caught by the security teams.
“Cyber risks are moving beyond traditional enterprise boundaries as
financial services becomes rapidly digitized and as open banking and
third-party data sharing change how business gets done,” Thompson said.
“AI, machine learning and robotic process automation can provide a
consistent way to monitor for and combat these threats, but only if
firms are willing to invest in them.”
To view the complete financial services reports – banking/capital
markets and insurance – visit: www.accenture.com/FSstateofcyber
Methodology
For the 2018 State of Cyber Resilience study, Accenture surveyed 4,600
enterprise security practitioners, including 821 from financial services
(banking, insurance and capital markets), representing companies with
annual revenues of $1 billion or more in 15 countries. The purpose of
the study is to understand the extent to which companies prioritize
security, the effectiveness of current security efforts and the adequacy
of existing investments. Accenture also analyzed cyberattacks that
occurred from February 1, 2017 through January 31, 2018.
