PwC has released the results of its 2017 Global State of Information Security Survey, which polled more than 10,000 business and IT executives around the world.
The survey found that among financial service firms, detected incidents of cyber threats have hovered between 4,600 and 4,900 annually from 2013 to 2016. This year, business email compromise and ransomware are growing security risks, while phishing is the top vector for cyberattacks, with 43% of respondents citing the problem.
While the number of attacks has remained fairly flat, security spending has increased, surging 67% since 2013. This year’s survey revealed an 11% increase in security investments over 2015. Forty-one percent of responding financial services firms identified assessment of security protocols and standards of third-party vendors as the top challenge to information security efforts; the same percentage expressed intentions to boost spending on monitoring and testing of third-party partner security.
Other key challenges to information security were increasingly complex technologies (37%), rising threats from outside the country (35%), and the need for clear guidance from regulators (33%).
More financial services firms are also adopting cloud technology in their work processes, with 60% entrusting IT functions and 48% handing over finance functions to cloud service providers. Cloud technology is also being embraced for security purposes, with 60% of financial firms using managed security services for various solutions, including authentication and real-time monitoring and analytics.
The survey also found a proliferation of open-source software adoption. Nearly half (48%) of responding financial firms harness open-source software to develop IT services and improve infrastructure scalability, and 39% plan to invest in such solutions over the next 12 months. Remarkably, 45% reported improvement in their cybersecurity position from the use of open-source technology.
Regulator to grade firms on cybersecurity
Are regulators doing enough to beat cybercrime?