The Veritas Vulnerability Lag Report surveyed 2,050 IT executives from the UAE and 18 other countries, including 245 respondents from the financial services sector. The report discovered that companies in the financial services space were more likely to be struggling to keep pace with their security than those from most other sectors, with nearly half (48%) stating that their data security lagged behind their digital transformation deployments. The average across all industries was 39%.
Increased risks amid digital expansion
Financial services companies (FSCs) appear to be exposed to an increased risk of ransomware and other data loss incidents. This heightened threat is set to continue for another two years as organisations struggle to close the gap, according to the report.
Johnny Karam, Managing Director and Vice President of International Emerging Region at Veritas Technologies, said, “In line with the UAE government’s ambitions to establish a strong digital economy, the UAE financial services sector has made significant strides in introducing new technologies and services to cater to evolving customer needs. However, the COVID-19 pandemic threw a curveball that no one could have seen coming, forcing organisations around the world to make transitions more rapidly than they anticipated. This has meant that the pace of security rollouts to protect this innovation has lagged behind, leaving them badly exposed to digital risk.
“In the UAE, we’re seeing businesses across all industries make strong progress with their data protection efforts. Unfortunately, the global financial services industry still has a long way to go. The good news is companies in this sector are beginning to redress the balance: 16% are confident that they will be able to close the gap this year.”
Financial services organisations that want to eliminate their vulnerability lag within 12 months would need to spend, on average, an additional USD 2.61 million and hire 29 new members of IT staff, according to the report. USD 2.61 million is 5% more than the average required across all sectors.
FSCs were also found to be less likely to have the funds required to take action in every area where they were vulnurable. 43% of respondents in the financial sector said that they lacked the funds to close all of their gaps, compared to 28% of energy companies and just 25% in the public sector.
Ransomware and the cloud
Cloud environments are most at risk while this vulnerability lag persists: 82% of financial services respondents have implemented new cloud capabilities or expanded elements of their cloud infrastructure beyond their original plans because of the pandemic. With organisations having introduced an average of six new cloud services in the last twelve months alone, 54% of respondents said that they had gaps in their cloud protection strategy – more than any other area.
Three in five IT leaders at financial services organisations said that security risks have risen due to COVID-led digital transformation initiatives, with 44% specifying that the risk of ransomware attacks had increased.
Business operations have already suffered due to this vulnerability. 89% of financial services stated that their organisation had experienced downtime in the last 12 months and, on average, FSCs were the victims of 3.22 ransomware attacks which caused disruption and downtime to their businesses – this is nearly a third (32%) higher than the average across all sectors during the last year.
Karam said, “While the pressures that COVID-led digital transformation put on IT departments weren’t unique to the financial services sector, its position as a highly-attractive target to hackers may have meant that the industry has felt them more acutely. With hackers beating at the door, and limited resources to push them back, it can feel like the IT team is between a rock and a hard place. However, astute IT leaders are finding a third way: partnering with data protection providers that can minimise the admin burden of data protection through simplified tools leveraging AI and machine learning. Taking this approach can help financial organisations to accelerate their security rollouts and stop their protection infrastructure lagging behind their digital transformation.”
A recent survey by Vertias highlighted the dangers of employee errors when working with the cloud.
