Highlights from the 2018 NSCP / ACA Aponix Cybersecurity Compliance Programs Survey

14.03.2019 12:25 pm



Financial services firms today are under almost constant cyber threat. According to a University of Maryland report, computer networks are being attacked every 39 seconds. Given that the average cost of a cyber-related data breach in 2018 was $7.5 million per incident — up from $4.9 million in 2017 — the urgency to close compliance gaps is high.

Benchmarking your firm’s cybersecurity program against those of your peers is a smart way to identify the compliance gaps your firm should address. ACA Aponix recently partnered with the National Society of Compliance Professionals (NSCP) to conduct the 2018 NSCP / ACA Aponix Cybersecurity Compliance Programs Survey. The goal of the survey, which received over 200 responses, is to provide financial services firms the opportunity to gain insight into cybersecurity compliance programs across the industry. 

During a recent webcast, I spoke with Steve Blossom, Senior Principal Consultant at ACA Aponix, about the key findings from the survey. ACA also put together a report that contains in-depth results and analysis from the survey. You can download the full report here.

Below are some highlights from the survey.

Cybersecurity is a Serious Risk to All Firms

Not surprisingly, 80% of the survey’s respondents strongly agree that cybersecurity concerns are a serious risk, regardless of the firm’s size. This is up by about 10% from last year’s survey. Compliance is particularly important in the financial services industry, given that it is the most targeted industry for security incidents according to IBM’s 2018 Report.

Assessing Vendor Risk is a Challenge

Third-party risk management is nascent for many firms, and the number of vendors they assess varies with firm size, as expected. Among survey respondents, 57% conduct diligence on key vendors annually. In addition, 79% of firms rely on external audit reports or on questionnaires for diligence. On-site data center visits are declining as more firms are migrating to cloud storage solutions and leveraging audit reports/questionnaires.

Cybersecurity Risk Assessments Remain a Top Budget Priority

In our 2017 cybersecurity compliance programs survey, respondents anticipated cybersecurity testing/assessments would be their biggest security spend in 2018, which also proved to be true in our 2018 survey. 

Respondents also expect to more than double their spending on vendor management efforts over the next 12 months. In addition, respondents predict they will spend less this year on core IT controls such as email spam filtering, anti-virus software, and wireless network security. Why? Likely because they have already upgraded these tools over the past 12-24 months.

Firm Size Correlates to Data Loss Controls 

A significant number of small firms responded that they do not block any of the three primary data loss/malware vulnerabilities: personal email, file sharing, and social media. However, 50% of all firms block at least one of the three and firms with 500-1000 employees indicated they block all three. Regarding full-disk encryption on laptops, 88% of all firms claim to be in compliance.

Cyber Insurance Adoption – and Coverage – Rates are on the Rise

The number of firms indicating they have purchased cyber insurance inched up slightly in 2018 to 54%. However, the amount of coverage being purchased increased significantly: 39% of firms indicated they maintain more than $5 million in coverage, while most firms indicated they maintained $1-3 million in 2017. Many smaller firms are choosing not to purchase insurance.

Incidents/Breaches Are Common, as are Regulatory Cyber Exams

23% indicated they had suffered an outage or breach due to a cyber incident, with 37% of those incidents being “serious” (an outage lasting more than one hour or resulting in financial harm, e.g., a ransom paid). Not surprisingly, the number of SEC, NFA, and FINRA cyber exams firms reported increased by double-digit percentages.

Full Survey Report

In our report, The State of Cybersecurity for Financial Services Firms: Results and Analysis from the 2018 NSCP/ACA Aponix Cybersecurity Compliance Programs Survey, we dive deeper into results, analysis, and actionable guidance from the survey. The report covers a variety of cybersecurity themes including attitudes, staffing, spending, testing, regulatory audits, preparation, vendors, cloud usage, and more.


Additional Resources

If you have any questions, please contact your ACA Aponix consultant or email us at info@acaaponix.com.

How ACA Can Help

ACA Aponix offers the following solutions that can help protect your firm from vulnerabilities and related cybersecurity risk, including:
