Financial sector not investing enough in cybersecurity: PwC study

Too few organisations in the financial services sector are investing in the response mechanisms needed to cope with cybercrime incidents, a PwC survey has found.

This is despite cybercrime now being a major cause of losses in thefinancial sector, ahead of accounting fraud, bribery andcorruption andeven money laundering, it said.

The prominence of cybercrime in the figures, drawn from 878 responsesfrom professionals in the sector in 56 countries, is no surprise giventhat almost all cybercrime impacts on financial services at some point.

Cybercrime is now the secondbiggest cause of economic crimeexperienced by the sector, beating all other forms bar catch-all ‘assetmisappropriation’ (mostly simple physical theft) even though PwC admitsthat definitions of what constitutes it vary from organization toorganization.

Many financial organizations still prefer to draw a veil over the issueof cybercrime losses because of the technological ‘lack’ it suggests intheir operations.

“Our survey shows cybercrime accounts for a much greater proportion ofeconomic crime in the FS sector than in other industries,” said PwCforensic services partner, Andrew Clark.

“Cybercrime puts the FS sector’s customers, brand and reputation atsignificant risk. Regulators are increasingly viewingcybercrime as akey area of focus and financial institutions are expected to haveappropriate systems and controls in place to fight this growing threat.”

Only 18 percent of firms had all five of the incident responsemechanisms deemed important by PwC, including detection andinvestigation systems, forensics, shutdown procedures and PRand mediahelp to cope with the reputational fallout.

Tellingly, almost a third of staff in financial services had notreceived any cybersecurity training.

The latest figures are sector-specific results taken from a largerreport PwC published last November that showed cybercrime becoming ameasurable financial problem across all industries.