The financial services industry experiences 35% of all data breaches, earning it the unflattering title of the most-breached sector. It’s easy to understand why. The industry is known for its wide array of interconnected systems and the processing of millions of transactions — factors that render it particularly vulnerable to attack.
As the threat, frequency and impact of these attacks increase, new legal risks emerge, including litigation and steep regulatory fines. In fact, according to a Forbes Insights/K&L Gates survey, the trends that present the most potential for legal risks include dealing with data (69%), cybersecurity (47%), a changing regulatory environment (46%), fraud protection (39%) and digital transformation (39%).
Regulators are reacting quickly. For example, the U.S. Securities and Exchange Commission recently issued new guidance calling for public companies to be more forthcoming when disclosing cybersecurity risks, even before a breach or attack occurs. Financial institutions are also stepping up to increase data security. For instance, 92% of the 200 U.S. financial services executives surveyed by Forbes Insights are currently using encryption technology.
But getting ahead of hackers requires knowing the dangers that lurk outside an organization. Here are the top three threats facing the financial services industry:
1) Web Application Attacks
Financial institutions rely on business-critical web applications to serve customers, promote their services and connect to back-end databases. However, many of these applications are hosted online, making them easily accessible to hackers. Types of web application attacks range from buffer-overflows to SQL injection attacks, in which a hacker injects SQL statements into a data-entry field, tricking the system into revealing confidential data.
2) DDoS Attacks
Distributed denial of service (DDoS) attacks impair the performance of resources, such as servers, causing websites and applications to slow down or crash. The result: angry customers who are unable to access critical financial services when they need them most. For financial services firms, the repercussions can be even worse, including disrupted business flows, stolen data, damaged reputation and lost revenue.
3) Insider Threats
Beyond hackers, employees are among the top cybersecurity threats to financial institutions. Oftentimes, unwitting workers fall victim to phishing scams or accidentally download malware. However, disgruntled employees may collude with hackers by sharing their passwords or intentionally ignoring corporate cybersecurity protocol. Either way, insider threats can take months – sometimes years – to detect.
Amid increased exposure to these risks, financial institutions need to take measures to ensure greater data security and minimize legal exposure. To do so, consider the following steps:
- Draft internal policies, procedures and contractual provisions regarding the discovery, investigation, remediation and reporting of breaches.
- Obtain the right insurance coverage for various types of cyber risks and consider the adequacy of existing insurance programs.
- Partner with a third-party cybersecurity team that can help manage internet security and prevent cyberattacks and data breaches.
In today’s hyper-connected, technology-driven financial services sector, data security breaches, DDoS attacks and insider threats are on the rise. However, executives in the industry can take action by educating themselves on the dangers ahead and taking the right precautionary measures.
This article was originally published by Forbes.