Palo Alto Networks reveals alarming cyber gaps in banking and insurance


In an eye-opening study by Palo Alto Networks and IDC Research, the state of cyber resilience across EMEA has been brought into sharp focus.

The research, focusing on Chief Information Security Officers (CISOs) across these regions, uncovers significant concerns in the cybersecurity preparedness landscape.

Alarmingly, only 38% of CISOs in EMEA believe their cyber resilience state is mature. This statistic grows even more concerning when we consider that merely 28% of these professionals regularly test their recovery plans. In an era where cyber threats are increasingly sophisticated, this lack of preparedness could spell disaster.

The banking, financial services, and insurance sectors, traditionally seen as fortresses in cybersecurity, also show concerning trends. Only 21% of CISOs in these sectors regularly test recovery plans. These industries, despite being heavily regulated, are falling behind in cybersecurity resilience, which is particularly worrying given the sensitive nature of their operations.

The challenges don’t stop there. Talent shortages and a lack of skills in emerging security technologies are major roadblocks, with 70% of respondents citing these as top challenges. Additionally, the struggle to correlate data across multiple point products is hampering efforts, with 52% of respondents acknowledging this issue.

Haider Pasha, Chief Security Officer for EMEA & LATAM at Palo Alto Networks, emphasizes the uphill battle faced by CISOs. Geopolitical events and supply chain disruptions are intensifying threats, while talent shortages and a lack of expertise are making it challenging to prepare for future attacks. Pasha notes, “Despite moderate maturity levels across EMEA and LATAM, it’s surprising how few CISOs are equipped to regularly test their recovery plans.”

The research also highlights a lack of differences in cyber resilience approaches between European, Latin American, and Middle Eastern markets. However, it does pinpoint countries where cyber resilience is a higher priority, such as the Kingdom of Saudi Arabia, Spain, Brazil, and France.

Technology challenges are also a part of this complex picture. A mere 11% of EMEA countries use mature cybersecurity controls, and most rely on traditional methods like business continuity plans. This reliance suggests a focus more on response rather than proactive planning.

Pasha further adds, “Many organisations don’t yet have the resources and confidence to implement a cyber-resilient tech stack designed to prevent attacks.” This scenario leaves them relying on disaster recovery tactics, which are reactive in nature.

However, there is a silver lining. The research indicates a shift in culture towards cyber resilience, with senior leadership playing a pivotal role. 72% of respondents pointed out that board members are the primary drivers of an organisation’s focus on cyber resilience, a factor even more influential than regulatory imperatives.

In conclusion, while the challenges are many, the commitment from senior management to develop clear cybersecurity policies and strategies could be the key to enhancing cyber resilience across the board.

Copyright © 2024 RegTech Analyst

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst


The following investor(s) were tagged in this article.