Cyber crime has increased in financial services sector, says report
Nearly a third of staff in sector have not received cyber security training
Cyber crime has increased over the last year to become the second most reported economic crime affecting financial services firms, according to a survey conducted by consultancy firm PwC.
The survey, entitled The Global Economic Crime Survey, asked 3,877 people - from 78 countries and a range of industries - a number of questions on economic crime and cyber crime.
With 38 per cent of respondents reporting that it has taken place in their firm in the past 12 months, cyber crime is the second-most common type of economic crime in financial services.
Asset misappropriation was the most common type of economic crime, as 67 per cent reported its occurence. Respondents were able to report more than one type of economic crime as part of the survey.
While 38 per cent of financial services respondents named cyber crime, just 16 per cent of respondents from other industries reported the same crime.
"This is not wholly surprising as the financial services sector holds large volumes of the type of data cyber criminals are interested in and there is an established underground economy servicing the needs of the market for stolen and compromised data," said the report.
The report also asked firms what concerns they have about cyber crime. Both financial services (54 per cent) and other industries (36 per cent) said the biggest concern is reputational damage.
"Cyber crime puts the sector's customers, brand and reputation at significant risk. Regulators are increasingly viewing cyber crime as a key area of focus and financial institutions are expected to have appropriate systems and controls in place to fight this growing threat," said Andrew Clark, forensic services partner at PwC.
However, only 18 per cent of financial services respondents said they have in place the five measures to respond effectively to cyber crime, specified by PwC.
These include in-house capabilities to prevent, detect and investigate cyber crime, shut-down procedures, access to forensic technology investigators, and a media and PR management plan.
"We expected most organisations to have cyber crime incident response mechanisms in place. To our surprise, only 18 per cent of financial services respondents said they had in place all five measures specified in our survey," said Clark.
"It appears that some financial services organisations are complacent about the risks that cyber crime poses, in spite of serious concerns about potential damage arising from cyber threats."
"When a cyber crime incident occurs, the first few hours are crucial. It is particularly important to react quickly and decisively, as the consequences of not doing so can be severe in terms of both financial and non-financial damage."
However, the report says that it is encouraging that financial services organisations are being proactive about cyber security-related training and awareness programmes. Only 29 per cent of financial services respondents said they have not received training, compared with 46 per cent for other industries.
But it is still a concern that nearly a third of respondents haven't received training and that much more could be done to clearly define cyber crime, as well as the responsibilities of managing it within each firm.
According to the report, financial services respondents see cyber crime as predominantly an IT issue. Clark claimed the problem of cyber crime does not lie with the IT department but with senior management.
"Overall responsibility for managing cyber crime risks rests with senior management. It is therefore essential that senior management understand the potential risks and opportunities the cyber world can present and ensure that there is clear accountability and responsibility within the organisation for dealing with these risks and opportunities," he said.
The financial services sector represented 23 per cent of the overall survey population with 878 respondents from 56 countries.