A significant 35% of finance organisations across the UK’s critical national infrastructure (CNI) foresee an uptick in cyber crime triggered by the ongoing economic crisis, says new research from top cyber security services company, Bridewell.
The research, titled ‘Cyber Security in CNI: 2023’, encompassed 500 cyber security decision makers from various sectors such as transport and aviation, utilities, government, communications, and finance.
In the finance sector, a concerning 38% of respondents believe that there will be an increased risk of employees engaging in cyber crime as a fallout of the economic hardship. This anticipation arrives as the UK economy plunges into recession with high inflation and rising interest rates adding to the woes.
Amidst escalating borrowing, energy, and food costs, following an extended period of low interest rates, nearly a quarter (24%) of finance decision makers consider employee sabotage as one of the major risks to their IT environment. The past year has seen a startling increase of nearly 63% in security incidents connected to employee sabotage in the finance sector.
Around 38% of decision makers also predict a rise in phishing and social engineering attacks due to the economic slump, indicating that malicious actors could exploit employees’ financial vulnerabilities to gain unauthorized access to sensitive data and systems.
Reflecting a longer-term surge in cyber security risks from insiders (both deliberate and negligent), 72% of finance decision makers reported an increase in insider threats since 2020. However, 62% of finance organisations are witnessing a cutback in their security budgets due to the economic crisis, which could potentially expose the sector to heightened insider risks.
Bridewell director of consulting Emma Leith said, “With current economic pressures taking their toll, cyber criminals are increasing their efforts to exploit vulnerable individuals within financial services organisations – whether through deliberate or negligent employee actions, or through sophisticated social engineering techniques, which offer a financial incentive.
“To address this rising threat, organisations must continue to invest in robust cyber defences, encompassing the monitoring, patching and testing of systems and access controls, user behavioural monitoring, ongoing staff awareness exercises, and vigorous data loss prevention measures to minimise the impacts of a successful insider attack.”
Keep up with all the latest RegTech news here
Copyright © 2023 RegTech Analyst
Copyright © 2018 RegTech Analyst