Roughly 306.4 billion emails were sent and received each day in 2020, and with the figure expected to rise to over 361.6 billion in 2024, the potential to make a mistake –with potentially disastrous consequences – is rising.

Should information end up in the wrong hands, financial services institutions could be especially vulnerable. The industry deals with highly sensitive information, including fiscal transactions and financial data, which could result in notable losses of money. And cybercriminals prey on these kinds of email.

Organisations spend an average of $3.85m recovering from security incidents, with the usual time to identify and contain a breach being 280 days, the Ponemon Institute has found. According to a Crypsis report, the financial services industry was subject to the second-highest number of cyberincidents of all industries, behind healthcare, with the highest number of business email compromise attacks in 2019.

And while external threats seem to make the headlines, such as the Capital One incident, unintentional breaches do not always garner as much attention. Yet, they can be as dangerous as each other. In fact, human errors are almost twice as likely to result in confirmed data disclosure.

There is no doubt that costs vary depending on the scale of the breach, but at a minimum there will be financial repercussions, and costs for auditors to understand why the incident happened and what additional protocols and solutions need to be implemented to prevent it from happening again. There could also be huge costs in reimbursing affected customers.

It is not just financial penalties and costs that organisations have to worry about: the reputation of a financial services business is essential in order to maintain a customer base. Those that fail to protect customers’ sensitive information will have to manage the negative press and mistrust from existing and potential customers that could seriously affect the organisation as a whole.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from The Accountant.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

In such a highly competitive market, it does not take much for customers to take their money elsewhere – customer service is everything. A direct and stratified cybersecurity approach is fundamental to minimise risk and secure private information in the financial services sector. Three key factors must be considered:

1. Data loss prevention (DLP)

A firm would be able to implement security measures for the detection, control and prevention of risky email-sending behaviours through DLP solutions.

It is only humans that can truly decide between what is safe to send and what is not: technical solutions such as machine learning can only go so far to prevent breaches. In practice, machine learning will either stop everything from being sent – becoming more of a nuisance than support – or it will stop nothing. DLP solutions do not delay the working practices of users, but instead, give them a critical second chance to double check when selecting the right email recipient.

Users can be prompted based on specific parameters – for example, colleagues in different departments exchanging confidential documents with each other and external suppliers means the To and CC fields are likely to have multiple recipients in them. The tool gives users a chance to check the accuracy of recipients and contents of attachments where a simple incorrect email address or a cleverly disguised spoofed email would likely be missed. This alert can be the critical factor in cybersecurity efforts.

2. Verification and encryption

Security protocols are designed to prevent most instances of unauthorised interception and email spoofing where, for example, hackers may try to attack systems directly or intercept emails via an insecure transport link. Adding a dedicated email to email encryption service to your email security suite increases your protection in this area. However, it is important to remember that encryption and authentication do not safeguard against human errors and misdeliveries.

3. Strategy and education

Cybersecurity awareness training is important for businesses to enable the success of security guidelines and rules regarding the circulation and storage of sensitive financial information. Employees should be trained when joining an organisation, and then enrolled into an ongoing programme with quarterly or monthly short, informative sessions.

Training should incorporate ongoing phishing simulations, as well as simulated phishing attacks, to demonstrate how incidents can appear and educate them on how to spot and flag them accordingly.

Reinforcing security messaging, while reminding employees regularly of the risks involved and working in tandem with simulated phishing attacks, ensures that everyone is capable of spotting a scam and knows how to handle sensitive information.

Organisations can reduce the risk involved when sending corporate and financial emails by taking a dynamic approach to cybersecurity. With a stratified system consisting of awareness training, verification tools and DLP solutions, organisations can be confident in their workplace’s security.

Cybercriminals see financial services organisations as a key target, and this desire for hackers to get hold of personal information and financial transitions will never diminish. This means financial institutions should ensure that cybersecurity is a priority by frequently evaluating risks, deploying innovative solutions, and training employees in order to provide the best possible protection.