Financial services players are the most mature in terms of their cyber-security infrastructure, according to a new study from Wavestone. Typically firms in the sector spend higher amounts of their IT budget on security – but other factors, including new technology, may also be at play.
Businesses face a new wave of cyber-threats, thanks to the advent of AI technology. The rise of generative AI-powered attacks have seen the estimated cost of cybercrime for businesses average $5.34 million annually in recovery expenses, while less than half of IT security professionals feel effective in risk mitigation.
Against a tense geopolitical backdrop, and summer events including the Olympics and European Championships, businesses are going to face even more cyber-threats in the coming months, with malicious actors even potentially including nation states. Against this backdrop, Wavestone has carried out a detailed benchmark of the continent’s businesses based on a field assessment of almost 200 security measures.
Source: Wavestone
Over the past five years, data from more than 150 organisations, representing nearly 7 million users, has been consolidated and analysed. The results illustrate the long way to go for all companies, particularly large corporations (with sales of more than $1 billion in the database), and improvement has been slow – with those firms also seeing their overall cyber-security maturity score rise to 53% this year, compared with 52% in 2023.
The score being relative to the requirements of the international standards NIST CSF Framework & ISO 27001/2. Looking at the findings in more detail, however, there are some best practices to build on. The finance sector comes out on top with a score of 60%. While there are real differences in maturity between the large scale banks and insurers, which are less mature on average, overall the sector is far ahead of its other equivalents.
Looking into why that might be, Wavestone found that budget was a big part of it. While on average, a company’s IT budget saw 6.6% of funds dedicated to security, this rose to 7.8% in the finance sector. That is more than 3% higher than the proportional spend of the energy sector, which also sees one of the lowest levels of cyber-maturity in the study.
Source: Wavestone
Gérôme Billois, the Wavestone partner responsible for the firm’s cybersecurity business, said, “Many senior management teams are asking to do more with the same resources, forcing cybersecurity teams to rationalize their activities (e-g with near/off-shoring) or to arbitrate between their risks”.
But clearly there are still other factors at play besides spending – because companies in the services sector have the second-highest security budget at 7.8%, while they are also the least mature of any sector. To that end, another factor helping some firms to supercharge their cyber-security measures is the use of AI – the source of many new threats – against itself. In the realm of data protection in particular, some firms made significant progress in 2024 by deploying AI models.
According to Wavestone, 49% of large groups are ready to use AI to facilitate access to data while maintaining its confidentiality, thanks to the use of tools enabling them to identify, inventory and classify data. This backs up previous research from IBM, which found that AI and automation solutions help firms identify and contain a data breach in 108-fewer days than those without the technology. Those companies also reported a $1.76 million lower data breach cost compared to organisations that didn’t have such capabilities.
This post was originally published on 3rd party site mentioned in the title of this site
