The financial sector in Germany faces a multitude of threats, according to the current Kaspersky study "Cyber security: Focus on the financial sector". 91 percent of German financial organizations have already been affected by cyber security incidents.
A total of 91 percent of the IT decision-makers surveyed in financial organizations have already experienced a security incident, which is why seven out of ten respondents (69 percent) assess the IT risk as high. They report generic malware (26 percent), ransomware (31 percent), spyware (27 percent) and targeted attacks (17 percent).
Over 90 percent already affected
The digitization of the financial sector is experiencing an enormous development boost due to new technologies such as online banking options, mobile payment, cloud solutions and artificial intelligence. However, complex, digital financial technologies also increase the attack surface for IT security threats. A high degree of networking [2] makes the financial system particularly vulnerable to digital compromises. At the same time, the financial sector is of great importance for public life in Germany. This is shown, among other things, by the fact that the Federal Office for Information Security (BSI) has defined numerous companies and institutions from the financial sector as operators of critical infrastructures [3] – similar to energy or drinking water supply.
Complex and special attacks
The IT decision-makers surveyed in the Kaspersky study rate the level of risk as high (69 percent) - with IT security managers being even more pessimistic at 88 percent. The types of attacks were as diverse as they were complex:
- Spear phishing (40 percent)
- Ransomware attacks (31 percent)
- DDoS attacks (31 percent)
- Spyware (27 percent)
- Generic malware (26 percent)
- Targeted attacks (17 percent)
Nevertheless, 69 percent of those responsible for security consider themselves adequately armed against cyber security incidents, and at management level the figure is as high as 75 percent. This sense of security is due in particular to the development of contingency plans. Overall, three out of four respondents (77 percent) refer to a business continuity plan or disaster recovery plan in their company. Financial institutions with between 1,000 and 5,000 employees seem to be best prepared. They most often rely on disaster recovery plans (87 percent), so that 80 percent of the survey participants in companies of this size feel well prepared against current cyber threats.
Financial sector always remains in focus
"Regardless of whether it's ransomware, phishing, a targeted attack or 'just' generic malware, the financial industry is confronted with a diverse threat landscape," says Christian Milde, Managing Director Central Europe at Kaspersky. "It is therefore not surprising that the IT decision-makers we surveyed rate the risk situation in Germany as high. Financial institutions see themselves adequately equipped against cyber attacks because, among other things, they have emergency plans at hand. The industry still needs to invest more in IT security. Because a successful attack can lead to the loss of data, money and customers. We recommend a comprehensive, layered cybersecurity approach that covers all possible gateways."
A member of the executive board (C-suite) of a large company (1,000 to 4,999 employees) supports this statement, because his biggest concern is “hacking of customer data. This would involve immense damage to trust and image.”
What the financial industry fears
As part of the Kaspersky study, decision-makers in financial institutions were also asked which consequences of a possible cyber attack they fear most. For almost half of those surveyed (49 percent), this is the theft and sale of sensitive customer data. 44 percent worry about damage to the company's image from insufficient compliance with information security, and 43 percent fear financial losses for the organization and its customers. About the same number (42 percent) believe a security incident could cost them a lot of customers.
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/