The Financial Sector Experiences More Cyberattacks than Other Verticals, and those Incidents Result in Costlier Outcomes

Netwrix, a cybersecurity vendor that makes data security easy, today revealed additional findings for the financial, banking and accounting sector from its survey of 1,610 IT and security professionals from more than 100 countries.

According to the report, within the last 12 months, 77% of financial organizations detected a cyberattack, compared to 68% among other industries. Phishing and ransomware were the most common types of attacks across all sectors.

Financial organizations are highly targeted by cybercriminals for several reasons. First, these organizations store large volumes of valuable information, which adversaries are naturally eager to steal. Moreover, they manage access to funds, which means any operational disruption is highly problematic. Accordingly, ransomware gangs may believe that financial institutions are more likely to pay a hefty ransom than other potential victims.
Dirk Schrader, VP of Security Research at Netwrix

The financial sector also experiences more targeted attacks on their IT infrastructure than other sectors. Indeed, 39% of financial organizations reported targeted attacks on their cloud infrastructure and 26% suffered targeted attacks on their on-premises footprint, higher than the 30% and 19%, respectively, reported among organizations overall.

Because finance is a high-risk and highly regulated sector, financial organizations tend to have a more mature IT team, better security controls and more vigilant employees. As a result, attackers must leverage targeted attacks with more sophisticated techniques to infiltrate their IT environments.
Ilia Sotnikov, Security Strategist at Netwrix

The financial sector also reports higher expenses as a result of cyberattacks than other industries. In fact, 24% of financial organizations estimated their damage from incidents to be at least $50,000, compared to just 16% among organizations overall. To mitigate this risk, 73% of respondents in the financial sector either have a cyber insurance policy or plan to acquire one within the next 12 months, compared to just 59% of organizations in other industries. However, given the sector's risk profile, insurance companies impose stricter security requirements on financial organizations: 49% of them needed to improve identity and access management (IAM) and 48% had to comply with privileged access management (PAM) requirements, compared to 38% and 36%, respectively, in other sectors.

To learn more about security trends, check out the complete 2023 Hybrid Security Trends Report from Netwrix.