Cybersecurity experts are working in overdrive to caution the mortgage finance industry that cyber attacks are a matter of when not if, but according to a new report from Accenture, banks are still too confident about their protection efforts.
The report, “Building Confidence: Solving Banking’s Cybersecurity Conundrum”, is based on a global survey of 275 senior security executives across the banking and capital markets sectors.
For starters, banks are optimistic about their efforts so far. The report found that 78% of executives surveyed expressed confidence in their overall cybersecurity strategy.
Digging further into the numbers, more than half the respondents indicated high levels of comfort in their ability to identify the cause of a breach, measure the impact of a breach and manage the financial risk due to a cybersecurity event (cited 51%, 51% and 50%, respectively).
On the other side, the survey found that on average, respondents reported that their banks had experienced 85 serious attempted cyber breaches each year. Of these, about one third (36%) were successful, meaning at least some information was obtained through the breach. In these instances, it took 59% of banks several months to detect breaches that occurred.
“Bank executives are clearly confident when it comes to their cybersecurity capabilities, but there is still much work to be done,” said Chris Thompson, senior managing director and head of financial services cybersecurity and resilience, Accenture Security.
“Most cybersecurity assessment programs, while well-intentioned, are highly theoretical and based on known cyber attack practices. The reality, however, is very different,” said Thompson. “Fast-moving, dynamic threats are creating new challenges every day. Banks should focus on deploying practical testing scenarios that focus inside the perimeter to ultimately make the crooks’ job as difficult as possible.”
Despite banks’ security teams detecting a high number of each company’s breaches, nearly all respondents said they learned about the remainder of the breaches from their own employees.
As a result, Accenture highlighted the critical importance of establishing strong awareness, strengthening internal training programs and establishing effective internal escalation processes.
The March HousingWire Magazine issue also highlighted the growing prominence of cybersecurity breaches, citing that the number of data breaches in 2016 in the United States reached an all-time high of 1,093, a 40% spike over the 780 reported for 2015.
The infographic below gives a break down of the report’s key facts, showing that banks are confident, if not overconfident, in their ability to protect the enterprise.
Click to enlarge