Countering Cyber-crime in Financial Services


Keeping Your House in Order

This report provides an overview of the cyber-threats faced by financial institutions in 2016. Financial services sector companies are re-investing vast sums of money to enhance their cyber-security – an estimated USD 9.5bn was spent in 2015 in the US alone. Firms are recruiting former government intelligence officers and hackers to help increase their organisations’ resilience to cyber-attack. However, system vulnerabilities are still regularly exposed by sophisticated attackers. Financial institutions and governments are working to address these threats by creating organisations designed to collate and share the information needed to offset the risks posed by the activities of cyber-criminals.

This report explains the types of threats that financial institutions face, outlines the techniques used by cyber-attackers and summarises key regulatory initiatives and collaborative efforts made by the financial services industry and governments to ward off cyber-attacks.

Accountability and responsibility for cyber-threat management in financial institutions no longer rest solely with IT, but increasingly include business lines. Across financial institutions, business managers are becoming steadily more instrumental in focusing cyber-security investment decisions to improve the resilience of key systems to hacking attacks. This report helps business managers in financial institutions to understand the fundamental concepts of cyber-security, and provides a guide to what financial institutions must consider when attempting to optimise their organisation’s cyber-resilience.

Published on: 24 Jun, 2016

Countering Cyber-crime in Financial Services – Table of Contents

  • 1.0 Cyber-crime in 2016
  • 2.0 Security Challenges in Financial Services in 2016
    • 2.1 Perpetrators and their Motivations
    • 2.2 Cyber-attack Targets
    • 2.3 Technical Approach to Cyber-attacks
  • 3.0 International Regulation, Standards and Industry Collaboration
  • 4.0 Approaches to Security Management in Financial Institutions
    • 4.1 Independent Assessment and Tests
    • 4.2 Intelligence Gathering
    • 4.3 Cross-Enterprise Cyber-security Policies
    • 4.4 Risk Ownership and Management Accountability
    • 4.5 Evaluations and Monitoring of Cyber-security Controls
    • 4.6 Vendor Management
    • 4.7 Front-to-Back Staff Training
    • 4.8 Recovery Planning
  • 5.0 The Future
  • 6.0 Appendices
    • 6.1 Glossary of Terms
    • 6.2 Cyber-attack Regulatory Initiatives by Region
    • 6.3 National Collaboration Initiatives to Enhance Cyber-security in the UK
    • 6.4 Notorious Examples of Cyber-attacks Against Financial Institutions
    • 6.5 Table of Figures