Cyber Security Investment: Finance Companies Doing More with Less

  • Cybersecurity
  • 03.11.2022 05:15 pm

The finance sector is investing wisely in cyber security tools and technologies despite allocating less than a third (32%) of their IT budget to security, according to new research from UK cyber security services firm, Bridewell.

The research, which surveyed UK cyber security decision-makers in the communications, utilities, finance, government and transport and aviation sectors, reveals that finance organisations are spending a lower proportion of IT budget on cyber security than other sectors across the UK’s critical national infrastructure (CNI). However, over three-quarters (76%) say that their organisation’s security budget has increased in the last 12 months, with investment expected to rise by a further 22% over the next year.

Despite trailing behind other sectors in the allocation of IT budget to cyber security, the finance sector is showing the greatest maturity in its threat detection capabilities. Respondents in finance say that it takes an average of only 13 days to detect a cyber attack on the organisation – a significantly shorter length of time than in communications (28 days), government (37 days), utilities (39 days) and transport and aviation (51 days). This suggests that finance organisations have greater levels of speed and visibility across systems to minimise the damage caused by a cyber breach.

Furthermore, two-thirds (66%) of finance organisations have either already implemented managed detection and response (MDR) or have an implementation in progress, a higher percentage than in any other sector. 57% have implemented or are implementing extended detection and response (XDR) to enable detection and response capabilities across network, web and email, cloud, endpoint and most crucially, identity. 

Martin Riley, Director of Managed Security Services at Bridewell, comments: “The results make for encouraging reading, especially as the finance sector continues to undergo major digital and infrastructure transformation. The sector has long been a particularly lucrative target for cybercriminals, so it’s of critical importance that cyber security budgets are spent maturing processes and technologies that give organisations the speed and visibility needed to detect escalating cyber threats. However, the finance sector should not get complacent, as detection is only one aspect of security – response and recovery are just as important.”

Related News