A survey of 107 senior executives from across leading financial firms in the UK by Lloyds Bank has revealed that a vast majority of them are either fairly confident or very confident about their firms being suitable prepared to recover from a cyber-attack.
Despite such a high level of confidence, 26 percent and 17 percent of such executives consider revenue growth and reduction in operating costs respectively as their top objectives compared to just 17 percent who consider improving cyber security as their top objective.
Just 8 percent of them also consider improving regulatory compliance as their top objective, thereby giving us an indication of their seriousness in complying with upcoming regulations such as GDPR. At the same time, 69 percent of the executives also said that technological change will continue to be manageable in 2025 but the speed of technological change will increase between now and 2025.
Preparing for cyber-attacks
Despite high levels of confidence in dealing with cyber attacks, the survey of senior executives at financial firms revealed that such firms are preparing for future cyber-attacks in various ways and while they have invested significantly in some aspects, they are equally vulnerable to others.
For example, when it comes to conducting scenario planning to size potential financial exposure, while about 45 percent of executives said they are well-prepared, the rest of them said they are either somewhat prepared or not prepared at all. Similarly, while 52 percent said they have adopted cyber insurance to overcome the financial losses owing to cyber-attacks, 10 percent of them said that they have not adopted such insurance policies at all.
The level of preparation is also not optimum in other aspects. For instance, only 39 percent of financial firms have completed contingency planning with banking providers, 50 percent have contingency funding and capital raising in place, and 57 percent have completed cash flow and liquidity impact analysis.
Awareness of cyber risk
One very positive outcome of the survey is that a vast majority of senior executives are aware of the levels of cyber risk that financial firms face and a lot of them have already taken steps to respond to such challenges.
"The survey identifies that the risks of cyber-attack are now an established issue for financial services: 86% of respondents reported an increase or a significant increase in their concerns about cyber risk in the past 12 months. 87% increased planning, and 85% increased spend.
"Firms’ increase in concern, planning and spend for cyber risk is translating to confidence and preparedness to withstand and recover from a cyber attack: 75% of senior executives surveyed were fairly confident of withstanding a cyber-attack, with 20% very confident," the report said.
"As cyber threats evolve, it is essential that financial institutions continue to develop mitigation approaches and share learnings across the sector. There needs to be joint responsibility working with key partners and governing bodies to ensure we learn, adapt and ultimately reduce cyber-attacks across the industry," it added.