Top 4 Cybersecurity Challenges Facing the Financial Services Industry

by Sarah Harvey / April 30th, 2019

Malicious hackers often have one thing in mind: stealing sensitive data for financial gain. So, what better industry to target than the financial services industry? There’s ample money, systems likely riddled with unknown vulnerabilities, and employees who just aren’t aware of how pervasive today’s cyber threats really are. Because the financial services industry is fueled by large amounts of sensitive data, organizations need to be cognizant of all of the cybersecurity challenges they’re up against. Why? Because at the end of the day, there are two types of financial services organizations: those that have already been breached and those that will be breached.

What Cybersecurity Challenges Does the Financial Services Industry Face?

There’s a plethora of cybersecurity challenges that the financial services industry faces on a day-to-day basis. However, we believe that these top four cybersecurity challenges must be made a priority when securing your business.

1. Meeting Regulatory and Compliance Requirements

The financial services industry is heavily regulated by federal and state agencies, but its organizations must also comply with a number of other international regulations that can often be complicated to understand. In fact, over the last two years, the New York State Department of Financial Services Cybersecurity Requirements Regulation for Financial Services Companies Part 500 (NY CRR 500) of Title 23 went into effect, the US Securities and Exchange Commission (SEC) issued interpretive cybersecurity guidance, the National Cybersecurity Center of Excellence (NCCoE) released the NIST Cybersecurity Practice Guides SP 1800-5, SP 1800-9, and SP 1800-18, and 24 US states passed bills or resolutions related to cybersecurity – all impacting the financial services industry. This is not to mention that international legislation like the European Union’s GDPR, China’s Cybersecurity Law, Singapore’s Cyber Security Agency of Singapore, and Brazil’s Resolution No. 4,658 was created. Given that those in the financial services industry often deal with a mix of domestic and international clientele, meeting regulatory and compliance requirements is non-negotiable, and organizations must perform their due diligence to ensure that they are in compliance.

2. Third-Party Relationships

Many financial services organizations rely on third-party vendors to carry out some of their business functions. This means that the sensitive data – such as names, email addresses, phone numbers, Social Security Numbers, credit and debit card numbers, and bank account information – that is given to a vendor may not have the same safeguards that you have in place. Because of this, managing vendor risk is a critical challenge the financial services industry faces. What would happen if a third-party mailing service inaccurately packaged envelopes, leaving your clients’ bank account numbers visible from the address window? How would your clients be impacted if a third-party vendor exposed their credit score numbers? Would your organization recover?

3. Insider Threats

As in most other industries, the threat of internal personnel causing a data breach or security incident is one of the top challenges those in the financial services industry face. Whether through malicious intent or an unintentional error, if your employees are not vetted and trained properly, it’s likely they’ll cause a data breach. Do your employees know how to identify a phishing email? How sure are you that they wouldn’t fall for a social engineering attempt?

4. Technology Advancements

As technology continues to develop and we move more towards a cashless society, it’s critical that those in the financial services industry consider the challenges of securing things like mobile and web applications. Whether it’s using PayPal, Venmo, CashApp, Apple Pay, or checking your account balance online, using mobile and web applications has become second nature to users, but they’re easily compromised by malicious hackers. Are you sure that your organization’s mobile application is secure? Could a hacker infiltrate your web application and cause a data breach?

What’s worked in the past when it comes to your organization’s cybersecurity hygiene may not be what’s needed to stay abreast of the cybersecurity challenges you’re facing today. Contact us today to learn more about how KirkpatrickPrice can help you overcome these top challenges for the financial services industry.
