Are financial institutions doing enough to boost cyber security?

By Staff | March 7, 2017 | Last updated on March 7, 2017
2 min read

In financial services, there are three key business trends to watch, says a new report from Toronto-based software company Security Compass. These trends are:

The increasing speed of business. Many institutions are facing competition from smaller, more nimble fintech startups.

The increasing sophistication of risk management. As cyber risks become more of an issue, boards of directors are pressuring institutions to address such challenges.

Whether institutions are controlling costs. As institutions expand globally, it’s becoming a challenge to maintain “competitive cost to income ratios,” says the report.

Read: Only 43% of Canadian businesses can spot a cyberattack

Regarding the second trend, the report finds 42% of respondents list cyber security as a top priority, while 33% say it’s high priority. This is mainly based on institutions wanting to stay on top of general risk management (77%) versus making changes based on compliance requirements (62%) breaches occurring (38%) or specific customer demand (15%).

One issue, however, is the report notes only 35% of institutions surveyed require that third-party software vendors have security policies. On the upside, all 28 companies surveyed had a chief information security Officer; these executives are tasked with ensuring information assets and technologies are adequately protected and, as the survey notes, most report to chief risk officers.

Read: 61% of S&P/TSX firms call cybersecurity a material risk

Overall, financial institutions have three levels of risk control when it comes to protecting sensitive information and controlling risks. There are management teams, risk management teams and, on top of that, internal audits.

Some of the challenges that prevent security procedures from being top-notch are companies having a lack of understanding on why cyber security is important (46%) and standard industry tools and best practices not working well across different company environments (77%; combined percentage). Here’s a link to the full report.

Read: What IIROC’s prioritizing this year

The survey was conducted between July and December 2016. Survey respondents consisted of security and risk personnel from 28 of the largest banks, insurance companies, payment companies and investment firms by market capitalization in the U.S. and Canada. In total, 46% of the respondents were financial institutions–all of which were headquartered in the U.S.–and 92% of that group reported annual revenue in excess of US$10 billion.

Read: 5 cyber security trends affecting businesses staff


The staff of have been covering news for financial advisors since 1998.