Nearly half of Financial Services organisations grapple with underperforming cyber security providers

Almost half (44%) of Financial Services organisations that fully outsource their cyber security operations say their provider is underperforming, according to new research by Threat Detection and Response provider, e2e-assure.

  • Wednesday, 31st January 2024 Posted 10 months ago in by Phil Alsop

Having a solid cyber security defence strategy is of urgent importance for Financial Services organisations, with ICO data breach reports showing that cyber security breaches in the industry have tripled since 2021. e2e-assure's study echoes this trend, which has found that the vast majority (77%) of Financial Services organisations have experienced a cyber attack.

Outsourcing is currently the most popular solution for Financial Services organisations when it comes to their cyber security operations (45%), compared with a hybrid approach (40%) or managing everything in-house (12%).

The key reasons Financial Services organisations outsource are so they can respond to attacks quickly (46%), gain more control (40%) over their environment, and achieve better resilience (34%) against threat actors.

But worryingly over a third (33%) of Financial Services organisations that outsource do not feel confident in their provider’s ability to act and respond to security incidences within 30 minutes of detection. A further 28% said their suppliers were escalating too many false positives, which can often occur with ‘out of the box’ set ups that are not efficiently tuned to the environment they’re monitoring. As a result, only 30% feel that they are resilient.

The survey found that hybrid teams, rather than fully outsourced providers, more commonly provide CISOs and cyber security decision makers in the Financial Services sector with stronger accountability with agreed SLAs and KPIs (61% vs 53%), client-centric delivery by teams that care (50% vs 33%), good SLA response times (66% vs 58%) and the ability to respond to threats within 30-minutes (89% vs 67%).

When asked what Financial Services organisations want from their providers, nearly half of those that currently outsource (49%) said they don’t have but desire flexible contracts that can adapt the scope of the original contract signing.

40% said that a key frustration was having to continually bolt on new service offerings to meet security needs. This can restrict an organisation’s agility and make it difficult for them to rapidly respond to cyber threats as they evolve.

With organisations locked into contracts that are not fit for purpose, this is putting them at greater risk of compromise.

Rob Demain, CEO of e2e-assure, said:

“Our study sets out to unveil the observations from CISOs and cyber security decision makers as to how their cyber security providers are performing, as criminals deploy increasingly advanced extortion techniques.

“With Financial Services organisations most commonly outsourcing their cyber security operations, but with almost half saying that they’re underperforming, it’s clear that there is a need for a critical shift to ensure cyber defence providers are meeting the needs of organisations in 2024.”

However, with the majority (58%) of Financial Services organisations stating that they will either be looking for a hybrid solution to extend their current team when they next procure their security operations, or seek ‘specialist expertise’, it’s clear there is an appetite among cyber security professionals to pass more responsibility on.

With the findings highlighting the need for a shift in the service offerings from providers, five key themes emerged for cyber defence rejuvenation in 2024:

1. Providers will need to prove their value

2. Security teams will relinquish more control to trusted providers

3. Contracts will need to be more commercially flexible

4. Service and tooling flexibility is a priority for organisations

5. Quality cyber defence needs to become more accessible to organisations of all sizes

Beacon, NY, Dec 20, 2024– DocuWare unveils its AI-powered Intelligent Document Processing (DocuWare IDP), bringing about unprecedented improvements...
85% of IT decision makers surveyed reported progress in their companies’ 2024 AI strategy, with 47% saying they have already achieved positive ROI.

MSPs will invest in more AI security forecasting

Posted 6 days ago by Phil Alsop
Predictive maintenance and forecasting for security and failures will be a growing area for MSPs with an interest in security, says Nicole Reineke,...

Machine identities next big target for cyberattacks

Posted 6 days ago by Phil Alsop
Venafi has published the findings of its latest research report: The Impact of Machine Identities on the State of Cloud Native Security in 2024....
Nearly 50% of organisations have experienced a security breach in the last two years.

IT professionals recognise lack of gender diversity

Posted 1 week ago by Phil Alsop
The majority (87 percent) of IT professionals agree that there is a lack of gender diversity in the sector, yet less than half (41 percent) of...

A moving landscape for MSPs

Posted 1 week ago by Phil Alsop
2025 predictions from Ranjan Singh, chief product officer at Kaseya.

Data breach epidemic takes its toll

Posted 1 week ago by Phil Alsop
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t getting adequate time to relax.