Top 4 cybersecurity headaches plaguing Financial Services Institutions

Most Financial Services Institutions (FSIs) have digital technology at their core. And a primary responsibility for most FSIs is to “cyber-connect” customers – be they organizations or individuals – with their money simply and seamlessly.

FSIs need to counterbalance these speedy, frictionless transactional experiences against the thousand-pound gorilla in the room, a.k.a. cybersecurity risk.

This Deloitte article in the Wall Street Journal distills the problem well: “Amid the massive technological transformation now underway in financial services, companies are being asked to become more agile and provide a frictionless customer experience. They must also grapple with the need to reduce costs while complying with complex regulations and managing an increasingly global workforce.”

In other words, make your services super secure and super slick. Maybe that’s why the financial services industry is predicted to face cybercrime costs of £1.5bn during 2017? Or why this industry remains the biggest spender when it comes to cybersecurity?

So, let’s take a look at some of the top cybersecurity headaches plaguing FSIs right now:

1 – Compliance pressure from regulatory bodies
Not only are new regulations, such as GDPR, coming to the fore, but existing standards, like PCI-DSS, are tightening their requirements, placing additional pressure on organizations to reassess their cybersecurity posture in line with these new requirements.

A known frustration, however, is that various regulatory bodies have conflicting requirements, intensifying a cybersecurity headache into a proper migraine.

2 – Increased risk from third-party business partners
Of course, choosing your business partners carefully continues to be key. In short, their cybersecurity vulnerabilities are your cybersecurity headaches.

Legacy contracts need reviewing, and a clear delineation of responsibilities is key. Additionally, the new GDPR regulation, which impacts companies around the world that collate and process personal information of EU data subjects, clearly shares the blame between controllers and processors, so “clever” contracts designed to shield organizations from legal responsibilities may lose efficacy.

3 – Threat landscape complexity
This is the one you were all expecting to show up on the list, and you would be right. Defending against the onslaught of vicious malware strains and unauthorised access via one of the hundreds of access points into a network is a complex balancing act. Availability for authorised users cannot be compromised, yet the bad stuff must be kept at bay.

4 – The march of IoT
With new devices and technology being connected to the internet, baking in cybersecurity from the get-go is key. This difficult, costly exercise is often insufficiently considered by developers at the early stages.

Managing the plethora of devices accessing FSI services, from payment systems to websites and applications, and ensuring they cannot compromise the system remains a key focus for cybersecurity leaders in the financial industry.


Liza Minnelli nailed it when she sang “Money makes the world go round.” Without its constant flow, our world as we know it would collapse. Those of us responsible for cybersecurity in the financial industry must continually reassess the services, products and infrastructure.

The aim is simple: the perfect balance between availability and security. The journey to get there, however, is fraught with complexities. If you think you might benefit from some expert advice along the road, get in touch with one of us at TBG Security.

We’re here to help.
