As custodians of sensitive personal and financial data, financial services firms have always been an obvious target for cyber-attackers, but the pandemic has brought fresh security challenges.
One report found that as many as 62% of firms have experienced a cyber-attack in the past 12 months, and 40% say the number of cyber-security incidents went up when more people were working from home. In the finance, insurance and credit sector, the number of cyber-security incidents reported under GDPR jumped by 54% between January and June compared to the previous year.
The upheaval caused by the pandemic has played into the hands of cyber-attackers. Some firms were ill-equipped for employees working remotely in large numbers, and few could have foreseen the sheer volume of enquiries from customers concerned about their mortgages, loans and investments. With staff busy navigating the crisis and potentially distracted, it’s no surprise that reports of phishing attacks jumped exponentially in the first half of 2020 compared with the same period the previous year.
We know that a data breach is costly in terms of the resources needed to contain it and the significant impact it can have on market reputation, customer trust and investor confidence, not to mention regulatory fines.
One estimate puts the average cost of a breach in the financial services sector at £4.7 million, ranking it third, behind only energy (£5.1m) and healthcare (£5.7m). But the costs can be much higher, of course – another report found that a UK-based financial services firm suffered a £71m loss after a cyber-attack in 2019.
The question is, why wait for the inevitable?
People are an organisation’s greatest asset, especially in relation to cyber resilience, so it’s essential that you put them at the forefront of the fight against the growing risk of cyber-attacks. Financial services firms must implement robust policies and provide effective training plans to improve security behaviours at home as much as in the workplace. Short, targeted yet immersive training ensures staff receive clear and easy-to-follow practical advice.
There are likely to be severe repercussions for firms that fail to uphold the FCA’s expectations for organisational resilience and protecting customers, and this includes cyber-security. As well as maintaining the correct IT systems and controls, the FCA underlines the need for ‘a secure culture’, reminding firms of the importance of investing in training. This includes:
“Understand[ing] and measur[ing] the level of awareness within the organisation and its effectiveness so that additional training and support can be provided where it is needed.”
It further highlights the power of training when it is tailored to ‘users’ roles, access and responsibilities’ with reference to case studies wherever possible.
Regardless of whether staff are working from home, eLearning systems help to ensure that everyone, including new starters, receives the correct training in cyber awareness, designed to reduce the risk of falling victim to a wide range of cyber-attack and data breach threats. Good training can also be used to highlight skills and knowledge gaps among individuals and teams, in addition to monitoring, measuring and reporting who has completed their training.
Given the costs associated with a data breach, it’s clear that investment in quality and role-specific cyber awareness and resilience training could pay for itself many times over.