Financial services companies may be vulnerable to ransomware for another two years

The Veritas Vulnerability Lag Report has discovered that companies in the financial services space are more likely to be struggling to keep pace with their security than those from most other sectors.

According to the report, nearly half of the respondents stated that their data security was lagging behind their digital transformation deployments.

As a result, financial services companies are leaving themselves exposed to an increased risk of ransomware and other data loss incidents. The heightened threat to the sector is set to continue for another two years as organisations struggle to close the gap.

Johnny Karam, managing director and vice president of International Emerging Region at Veritas Technologies, said: “The UAE financial services sector has made significant strides in introducing new technologies and services to cater to evolving customer needs. However, the Covid-19 pandemic threw a curveball that no one could have seen coming, forcing organisations around the world to make transitions more rapidly than they anticipated. This has meant that the pace of security rollouts to protect this innovation has lagged behind, leaving them badly exposed to digital risk.

“In the UAE, we’re seeing businesses across all industries make strong progress with their data protection efforts. Unfortunately, the global financial services industry still has a long way to go. The good news is companies in this sector are beginning to redress the balance: 16 per cent are confident that they will be able to close the gap this year.”

Financial services organisations that want to eliminate their vulnerability lag within 12 months would need to spend, on average, an additional $2.61m and hire 29 new members of IT staff. $2.61m is 5 per cent more than the average required across all sectors, which may be disappointing news for IT leaders in the sector, given that they already typically spent 19 per cent more than their peers on IT initiatives last year.

Financial services companies were also less likely to have the funds required to take action everywhere that their security was lagging. A total of 43 per cent of respondents in the financial sector said that they lacked the funds to close all of their gaps, compared to 28 per cent of energy companies and just 25 per cent in the public sector.

Cloud environments are most at risk while this vulnerability lag persists: 82 per cent of financial services respondents have implemented new cloud capabilities or expanded elements of their cloud infrastructure beyond their original plans because of the pandemic. With organisations having introduced an average of six new cloud services in the last twelve months alone, 54 per cent of respondents said that they had gaps in their cloud protection strategy – more than any other area.

Responding to the global survey, three in five IT leaders at financial services organisations said that security risks have risen due to Covid-led digital transformation initiatives, with 44 per cent specifying that the risk of ransomware attacks in particular, had increased.

Business operations have already suffered due to the vulnerability. 89 per cent of financial services stated that their organisation had experienced downtime in the last 12 months, not least because, on average, financial services were the victims of 3.22 ransomware attacks which caused disruption and downtime to their businesses – this is nearly a third higher than the average across all sectors.

Karam said: “While the pressures that Covid-led digital transformation put on IT departments weren’t unique to the financial services sector, its position as a highly-attractive target to hackers may have meant that the industry has felt them more acutely. With hackers beating at the door, and limited resources to push them back, it can feel like the IT team is between a rock and a hard place. However, astute IT leaders are finding a third way: partnering with data protection providers that can minimise the admin burden of data protection through simplified tools leveraging AI and machine learning. Taking this approach can help financial organisations to accelerate their security rollouts and stop their protection infrastructure lagging behind their digital transformation.”

Read: Protection, not cure, is the key to fending off ransomware criminals