How the Financial Services sector can enhance cyber security capabilities in 2024


According to a study by e2e-assure, the UK’s leading Threat Detection & Response provider, 44% of Financial Services organisations say their cyber security providers are underperforming.

Compared to other industries, such as Healthcare, Professional Services and Manufacturing, the Financial Services sector came out on top as one of the most underperforming sectors.

Given the financial world’s access to sensitive information, the industry will always be highly vulnerable to cyber-attacks. It’s, therefore, essential for a strong relationship to be forged between providers to ensure cyber resilience, especially for progressive financial organisations that rely on technology such as online banking, apps, and electronic trading systems. So how can organisations ensure they have a solid cyber security defence strategy in place and what are the common underperforming characteristics across current providers?

How suppliers can alleviate CISO burn-out

The current landscape for the Financial Services sector is stark. The survey revealed that 77% of organisations have experienced a cyber attack. More worryingly, only 26% of Chief Information Security Officers (CISOs) and cyber security decision-makers across the sector say their organisation’s capabilities and defences are resilient.

One of the biggest challenges facing CISOs is overstretched teams with a lack of capacity to handle cyber threats, leading to burnout and fatigue. This is one of the contributing factors in why organisations are choosing cyber security suppliers, with 46% selecting speed as a key consideration because of the rapid response needed to address incoming cyber threats.

While providers can lessen the burden and workload for CISOs and their teams, accuracy is proving to be a common problem, as 28% say that their providers are escalating too many false positives. As a result, the Financial Services sector is losing confidence in supplier implementation, with 33% saying they are not confident that their current cyber security operations can respond to alerts within 30 minutes.

Why your cyber security provider is not fit for purpose

With a variety of providers currently servicing the sector and offering a range of solutions, what makes a go-to supplier of high-quality cyber security solutions? The key to success is mitigating risks by using tactics such as threat intelligence, not only to disrupt attackers prior to an attack but also to pre-empt incoming attacks, taking a proactive rather than reactive approach to cyber defence.

However, according to survey respondents that fully outsource their cyber security operations, 42% feel their current threat intelligence is having no measurable positive impact, and 7% say the solution has not even been implemented. Response from the sector proves organisations are looking for much more from their suppliers. Transparent pricing and clear feeds with no hidden charges are important factors for decision makers (44%) as well as access to real-time visibility of reporting dashboards (37%) to summarise any attacks and provide an overview of security across the entire organisation.

The future of cyber contracts: Flexibility and agility are key

A big problem faced by many organisations during the cyber security provider decision-making process is being tied down to long-term contracts. While there are some benefits, such as allowing for predictable costs, these are far outweighed by the downsides, which include not being able to adapt to the changing and ever-evolving needs of businesses. This lack of flexibility can lead to expensive bolt-on services to address these challenges, which restrict agility due to the long process of onboarding.

The fact that providers are not implementing proactive measures, such as threat hunting, is also problematic. In the face of rapidly evolving cyber threats, teams need to implement proactive measures and be able to act fast. Despite the disappointment in the performance of their providers, 67% of Financial Services organisations that outsource say they would be happy to relinquish more control in return for quicker decisions, with others requesting faster response times and less reliance on in-house skills. This suggests that providers should integrate more closely with in-house teams to develop a cyber defence strategy that will allow them to keep pace with the evolving landscape.

It’s clear that there is a need for a critical shift to ensure cyber defence quality meets the needs of Financial Services organisations in 2024. Moving forward, flexibility will play an integral part in organisations’ cyber defences. Long-term fixed contract terms without a clear road map will cause organisations to become increasingly vulnerable as threat tactics evolve. Without this flexibility, organisations across the Financial Services sector will become more vulnerable than ever, not only posing an immediate risk to the safety of the firm in question but also to the confidential data of clients and customers alike.

This piece was written and provided by Dominic Carroll, Director of Portfolio at e2e-assure
