Financial services have quickly evolved in recent years. They’ve had to.
With more people remote working, they’re accessing systems from a greater number of touchpoints. They’re working unusual hours.
Yet, in a period of accelerated change not everything has kept up back at HQ. Cyber criminals are testing every new touchpoint. Looking for a way in.
Don’t be stuck in 2020
People are, at their best, an organisation’s first line of defence. They take responsibility for that. But the support they’re getting isn’t always measuring up.
In particular, we’ve discovered:
- 42% of financial services workers say their cyber security training hasn’t changed since 2020.
- Fewer than one in five report training has ‘improved significantly’.
- 22% believe their organisation can do more to improve their training.
Cyber criminals are taking advantage. They know more people are working remotely. With one in five people also working longer hours, the likelihood of human error increases. There are more potential weaknesses to exploit.
The bottom line
There are three threats here. Cybercrime is on the up, people aren’t being trained properly, and there isn’t enough awareness that cyber threats are on the up in the first place.
Phishing for positives
Just 1% of workers interacting with a phishing scam leads to them being responsible for 55% of total attacks. It’s an alarming statistic.
But if so many people are aware of phishing tactics, why do they still work?
It all adds to what’s already a big problem. The cyber security threat is getting bigger.
There is good news. Already, 99% of people aren’t interacting with phishing scams. That’s a huge positive.
The problem is 1% are, and even worse, one in four financial services companies don’t have a policy in place for reporting phishing attacks.
How then does a modern business address that? Training is part of the mix, certainly. But when people are working remotely, how can they be effectively monitored? How can an eye be kept on them?
Where’s the line between surveillance and oversight?
It is a no-brainer employers want their people to report problems and threats. And those who feel trusted in their organisations are more likely to report threats and be proactive.
But there’s a disconnect.
Already, two in five employees are concerned over how they’re being monitored whilst working. For those working from home, the feeling of being watched is particularly uncomfortable.
These doubts add a layer of uncertainty. Will an unhappy person report something they feel may be a cyberthreat?
An invested employee certainly will. 71% of employees already declare they feel personal responsibility for their organisation’s cyber security. There’s goodwill there, and training can bolster that.
Retaining goodwill is pivotal. The onus is on organisations to make their employees feel trusted and give them the right tools and support.
Supported and trusted, people will always be an excellent line of defence.
Don’t be late to the party
Over one in five financial services employees have been targeted by cyber criminals already since 2020.
Cyber criminals aren’t hanging around, and financial organisations know this. The need to support, assist and engage with people is more important now than ever.
If organisations don’t, those three threats will continue to grow.
So, can financial services organisations make the new hybrid world work? Let’s see.