Threat actors have reportedly eased the pressure on financial service organisations, with data breaches dropping, according to Thales.
In its 2024 Data Threat Report for Financial Services Organisations, the French multinational revealed that the proportion of financial service (FinServ) providers had dropped from 49 per cent to 39 per cent.
Recent breach history also dropped by over half since 2021, from 29 per cent to 14 per cent.
However, ransomware remains a major issue for the sector: the report reveals that ransomware attacks against FinServ organisations continue to grow, with almost one in five (18 per cent) having suffered an attack.
Thales also discovered that the industry is underprepared for cyber attacks, with many saying they are without a plan or would not follow one.
Only a quarter of respondents said they would follow a formal plan in the event of an attack. Similarly, the same percentage of respondents had a ransomware response plan, a concern for the remaining 75 per cent, as regulations mandate they have a plan in place.
Additionally, 5 per cent of FinServ organisations resolved a ransomware attack after paying the ransom, while 9 per cent said they would pay a ransom in the case of an attack.
“A mix of sensitive, high-value data and robust compliance regulations mean financial service organisations across ANZ tend to be further advanced than other sectors when it comes to security and overall cyber security. While compliance mandates remain one of the industry’s biggest challenges, our research indicates that compliance achievements drive better security outcomes, leading to fewer breaches,” said Erick Reyes, ANZ director of data security at Thales.
“As more regulations such as APRA’s CPS 230 come into effect within the next year, FinServ organisations must remain proactive, in control and on top of both government and industry requirements.
“What is concerning when we look at new threats coming from technologies, such as generative AI and even quantum computing, is an overall lack of preparedness. Three in four organisations globally do not yet have a formal plan in place should they fall victim to a ransomware attack. Others continue to struggle with the complexities of securing their assets in the cloud, as well as integrating security within their development and operational processes.
“In environments where critical workloads are being hosted and IT and OT [are] continuing to converge, cyber security strategies that focus on comprehensive DevSecOps programs, strong cloud security and access management are key to tackling a fast-growing and sophisticated threat landscape.”
The report shows that the lack of regulatory compliance and preparedness has a strong connection to suffering a data breach. Eighty per cent of those who failed a compliance audit in the last 12 months suffered “some breach in their history”.
Of those who did not fail an audit, only 15 per cent have a breach history, and 3 per cent suffered a breach in the last 12 months.