Financial services firms to increase cyber security budgets this year, PwC claims

Two-fifths plan to up spending to meet growing threat

Financial services firms plan to increase spending on cyber defences this year, as more businesses become aware of the risks to the sector.

Almost two-fifths of finance companies (38 percent) claimed that they would increase the amount spent on cyber security to meet the growing threat, according to a CBI/PwC survey. Meanwhile, of the 87 UK banks, building societies, insurers and other finance sector companies surveyed, only four percent planned to lower investments in this area.

Cyber crime has had a significant impact on banks and other financial firms in recent years, with threats such as distributed denial of service (DDOS) attacks becoming more commonplace. Natwest, for example, was targeted by such an attack in December, and the Bank of England has previously warned that cyber crime poses a greater risk to UK financial stability than the eurozone crisis.

According to the PwC report, the largest increase in spending during 2014 will be seen by financial services sub-sectors which have been slow to do so in the past. Seventy-six percent of investment management firms plan to increase budgets, with close to 60 percent of securities firms expecting to do the same. Both areas saw relatively small growth in spending during 2013.

However, only eight percent of banks intend to invest more in security. This follows on from a more substantial outlay last year, suggesting that the other parts of the sector are now catching up with the retail banks in terms of spending increases.

"These figures show that an increasing number of UK financial services companies are taking cyber security seriously," said Richard Horne, cyber security partner at PwC. "Cyber crime is a major threat to the UK's financial services sector, as fraudsters increasingly turn to technology as their main crime tool."

One reason suggested for the increases and continued spending is the high profile cyber attack 'stress test', Waking Shark and Waking Shark 2, lead by the Bank of England's Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA).

According to Horne, the four-hour test of the sector's ability to cope with a major attack has highlighted the need for all companies to have a "clear understanding of the cyber threats and the measures [needed] to manage the risk".

He added that the planned security budget increases need to be well-targeted to ensure that adequate protection to cyber attacks is afforded.

"Financial services companies are becoming more dependent on digital processes, and therefore more vulnerable to cyber attack...the threat is incredibly dynamic, so defence strategies need to be constantly evaluated and refined," Horne said.

Tags PwCCBIBank of England

Show Comments