Finance sector bracing for rise in cyber crime, new research reveals
Over a third (35%) of finance organisations across UK critical national infrastructure (CNI) anticipate a rise in cyber crime as a direct result of the current economic crisis, according to new research by leading cyber security services firm Bridewell.
Bridewell’s ‘Cyber Security in CNI: 2023’ research report surveyed 500 cyber security decision makers across the UK’s CNI, comprising the transport and aviation, utilities, government, communications, and finance sectors. Within the finance sector, 38% of respondents anticipate a greater risk of employees turning to cyber crime as a consequence of economic hardship. The findings come as the UK economy dips into recession, inflation remains stubbornly high and interest rates continue to rise.
Against this perfect storm of increased borrowing, energy and food costs after a prolonged period of low interest rates, almost a quarter (24%) of finance decision makers now rank employee sabotage among the biggest risks to their organisation’s IT environment. The average number of security incidents in the finance sector relating to employee sabotage has already increased by nearly two-thirds (63%) over the last 12 months – up from at least once every six weeks, to once a month.
Approximately 38% of decision makers also believe that the prevalence of phishing and social engineering attacks will grow due to the economic downturn, suggesting that threat actors could prey on employees’ vulnerabilities and financial fears to gain illicit access to sensitive data and systems.
The findings reflect a longer-term rise in cyber security risk from insiders (both malicious and negligent) over the past three years, with 72% of finance decision makers reporting an increase in insider threats since 2020. However, after a period of increased security spend last year, 62% of finance organisations are now seeing a reduction in their security budgets due to the economic downturn, potentially opening the sector to more insider risks.
Emma Leith, director of consulting at Bridewell, commented: “With current economic pressures taking their toll, cyber criminals are increasing their efforts to exploit vulnerable individuals within financial services organisations – whether through deliberate or negligent employee actions, or through sophisticated social engineering techniques, which offer a financial incentive. To address this rising threat, organisations must continue to invest in robust cyber defences, encompassing the monitoring, patching and testing of systems and access controls, user behavioural monitoring, ongoing staff awareness exercises, and vigorous data loss prevention measures to minimise the impacts of a successful insider attack.”