The financial services sector is one of the worst affected by data breaches and cyber attacks.
Indeed, according to IBM and Ponemon Institute’s Cost of a Data Breach Report 2023, the average cost of a data breach for financial services organizations is $5.9 million, compared with an average of $4.4 million across all other industries.
Attacks on financial organizations are largely driven by the gains successful criminals can expect to make: beyond the obvious lure of money itself, there is a wealth of sensitive data to be had, such as extensive customer information and valuable records.
The recently published 2023 Financial Services Sector Threat Landscape report from Trustwave SpiderLabs examines the latest cybersecurity threats faced by the financial services industry.
Ransomware is a particular concern. A 2022 survey of financial institutions found that 74% had experienced at least one ransomware attack in the previous year.
Ransomware-as-a-service models, in which attackers can hire ransomware platforms for a fee or a cut of any ransom paid, are becoming increasingly popular. Trustwave SpiderLabs reported a “continuing rise in ransomware incidents” affecting the sector, led by the Cl0p, LockBit and AlphV/BlackCat gangs.
Supply chain and third-party risks
The financial sector is particularly at risk because of its relationships with merchants and payment processors, as well as with third-party vendors that provide code, APIs and other managed services.
Attacks on third-party providers of software and services are also rising sharply, according to Trustwave SpiderLabs.
For instance, February’s GoAnywhere attack affected several banks, and the MOVEit Transfer attack – in which the Cl0p gang exploited a zero-day vulnerability in Progress Software’s popular file transfer service – impacted more than ten financial institutions, including Deutsche Bank, ING Bank, Charles Schwab, and TD Ameritrade.
Global regulatory response
In light of these increased risks, regulators around the world are implementing stricter measures to ensure the financial services sector and its supply chain remain secure and operationally resilient.
One such law is the EU’s DORA (Digital Operational Resilience Act), which is due to come into effect in January 2025.
DORA (the Digital Operational Resilience Act)
DORA sets out a harmonized approach to digital operational resilience across the EU’s financial sector via a regulation and three directives.
The DORA Regulation sets out network and information systems security requirements for organizations in the EU’s financial sector and their third-party ICT (information and communication technology) service providers – wherever those providers are located.
If your organization operates in the EU’s financial services sector or provides it with ICT services, it’s essential to understand how the Regulation affects you and what you need to do to ensure your compliance.
Join our free webinar, DORA compliance and what it means for the financial sector, on October 18, 2023, 10:00 – 10:45 (EST) to find out more.
Free webinar: DORA compliance and what it means for the financial sector
In today’s ever-evolving financial landscape, compliance isn’t just about following regulations; it’s about shaping the future of your organization. The EU’s Digital Operational Resilience Act, or DORA, is a game changer that’s redefining the way financial entities operate. It’s not merely a set of rules, but a roadmap for achieving digital operational resilience and maintaining a competitive edge.
- What DORA is and its significance for financial entities.
- Exploring DORA’s directives and regulations.
- How DORA enhances digital operational resilience across the EU and US.
- The benefits and importance of compliance for financial organizations.
- How CyberComply can help your DORA compliance journey.