Cyberattacks are 300 times as likely to hit financial firms than other companies. A sweeping new report finds they're not prepared.
- Most financial institutions are ill-equipped to respond to cyber threats against their systems, a comprehensive report on the state of wealth management recently highlighted.
- The cost of dealing with a cyberattack's aftermath is particularly high for wealth managers and banks, Boston Consulting Group found in an annual report.
- Visit Markets Insider's homepage for more stories.
Cybersecurity is a growing threat for global financial institutions, yet most of them are ill-prepared to respond within their current infrastructure, according to new report.
The cost of dealing with a cyberattack's aftermath is particularly high for wealth managers and banks, Boston Consulting Group found in its annual report on global wealth-management trends.
"I would have expected wealth managers, in the context of cybersecurity, to be a lot more ready, a lot more agile, and a lot more on their toes," Anna Zakrzewski, the firm's global leader of its Financial Institutions practice's wealth management segment and the report's lead author, said this week in an interview with Business Insider.
A bonus just for you: Click here to claim 30 days of access to Business Insider PRIME
For its report, BCG surveyed more than 150 wealth managers about how they're adapting to a rapidly changing environment amid slowing global economic growth. The report comes as wealth management becomes an increasingly crowded arena, full of non-traditional entrants and fintech companies.
'Lack of security awareness in company culture'
The firm's methodology in sussing out just how equipped wealth managers are to deal with cyberescurity threats at each stage of a possible attack paints a grim picture for the vulnerable industry. Cyber threats are 300 times as likely to target the broader financial services industry as companies in other sectors, according to BCG.
The authors ranked wealth managers' preparedness against cybersecurity threats on a scale of 1 to 5: no setup, an inadequate setup, a basic setup, an acceptable setup, and an optimal setup.
The results showed none of the wealth managers surveyed, which were not listed by name, met the criteria for "acceptable setup" or "optimal setup."
Key weaknesses BCG found in its survey included firms' "failure to prioritize cybersecurity as a top management issue," a "lack of security awareness in company culture," and "operational stress" as a result of handling a rising number of cases.
"Perhaps most critically, too few organizations focus on preparing employees and partners to act effectively before, during and after an attack," the report's authors wrote.
These findings come even as financial executives sound off about the need for greater cybersecurity protection within their firms and in the industry more broadly.
"The threat of cyber security may very well be the biggest threat to the US financial system," JPMorgan CEO Jamie Dimon wrote in his annual letter to shareholders earlier this year.
The US firm spends nearly $600 million annually on cybersecurity efforts with more than 3,000 employees devoted to that "mission" in some way, he added.
JPMorgan and other financial institutions in 2014 suffered a massive cyberattack what Preet Bharara, the former US attorney for New York's Southern District, deemed the "largest theft of customer data from a US financial institution in history."
Meanwhile David Hunt, the CEO of Prudential Global Investment Management, said in April at the Milken Institute Global Conference that he believed the "next crisis is going to come from a different place."
"I think it's going to come from technology and cyber," Hunt said. "If I were looking for the thing that worries me the most, it would be an actual attack on the infrastructure of the financial markets that really bursts into it and creates a shutdown of the major pipes we use to do business."
The SEC's warnings
The financial services industry is not on an island when it comes to growing cyber threats.
The Securities and Exchange Commission issued an investigative report in late 2018 examining nine public companies across many sectors, including finance, which lost millions of dollars as a result of cyber fraud.
The agency warned that "public companies should consider cyber threats when implementing internal accounting controls" after focusing on situations involving compromised business emails.
SEC Chairman Jay Clayton urged public companies to take this risk seriously.
"Cyber frauds are a pervasive, significant, and growing threat to all companies, including our public companies," he said in a statement. "Investors rely on our public issuers to put in place, monitor, and update internal accounting controls that appropriately address these threats."
Now read more markets coverage from Markets Insider and Business Insider: