Financial services firms to increase cyber security budgets this year, PwC claims

Two-fifths plan to up spending to meet growing threat

Financial services firms plan to increase spending on cyber defences this year, as more businesses become aware of the risks to the sector.

Almost two-fifths of finance companies (38 percent) claimed that they would increase the amount spent on cyber security to meet the growing threat, according to a CBI/PwC survey. Meanwhile, of the 87 UK banks, building societies, insurers and other finance sector companies surveyed, only four percent planned to lower investments in this area.

Cyber crime has had a significant impact on banks and other financial firms in recent years, with threats such as distributed denial of service (DDOS) attacks becoming more commonplace. Natwest, for example, was targeted by such an attack in December, and the Bank of England has previously warned that cyber crime poses a greater risk to UK financial stability than the eurozone crisis.

According to the PwC report, the largest increase in spending during 2014 will be seen by financial services sub-sectors which have been slow to do so in the past. Seventy-six percent of investment management firms plan to increase budgets, with close to 60 percent of securities firms expecting to do the same. Both areas saw relatively small growth in spending during 2013.

However, only eight percent of banks intend to invest more in security. This follows on from a more substantial outlay last year, suggesting that the other parts of the sector are now catching up with the retail banks in terms of spending increases.

"These figures show that an increasing number of UK financial services companies are taking cyber security seriously," said Richard Horne, cyber security partner at PwC. "Cyber crime is a major threat to the UK's financial services sector, as fraudsters increasingly turn to technology as their main crime tool."

One reason suggested for the increases and continued spending is the high profile cyber attack 'stress test', Waking Shark and Waking Shark 2, lead by the Bank of England's Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA).

According to Horne, the four-hour test of the sector's ability to cope with a major attack has highlighted the need for all companies to have a "clear understanding of the cyber threats and the measures [needed] to manage the risk".

He added that the planned security budget increases need to be well-targeted to ensure that adequate protection to cyber attacks is afforded.

"Financial services companies are becoming more dependent on digital processes, and therefore more vulnerable to cyber attack...the threat is incredibly dynamic, so defence strategies need to be constantly evaluated and refined," Horne said.

Join the CSO newsletter!

Error: Please check your email address.

Tags CBIBank of EnglandsecurityPwC

More about PRAPricewaterhouseCoopersPrudential

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Matthew Finnegan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts