Word on the web: WannaCry puts spotlight on finance’s cyber defences

The WannaCry ransomware cyber attack has highlighted strengths and weaknesses in the financial services sector’s fight against cyber crime
by Eila Madden

How do you fight back against cyber crime? It starts with knowing the threats and protecting yourself from them. Read our 'Financial crime and cyber security' page The recent WannaCry ransomware attack may have kept IT chiefs up all through the weekend, but the problem has landed fairly and squarely in the laps of corporate finance bosses. 

The Wall Street Journal’s Rheaa Rao reported that internal auditors and chief financial officers were struggling to quantify, and therefore mitigate, cyber security risks in their firms. 

This was down to two things, Sean Joyce, a principal at big four accountant PwC, told Rao. First, finance staff simply lacked the technological expertise to understand and identify the risks. And second, they were finding it hard to keep up with the complex and fast-changing nature of today’s information technology.

But failing to quantify and protect against cyber security risks can have huge cost implications that go beyond dealing with the initial IT disruption, Rao points out. 

WannaCry affected 200,000 computers in at least 150 countries. High profile organisations were hit, including the NHS, Nissan and Renault. Those organisations now have to foot the bill for shoring up cyber protection and repairing reputational damage. 

Wall Street Journal article
Unsupported browser risk Corporate finance chiefs weren’t the only group in the finance sector to come under the spotlight recently for cyber security. Financial Reporter’s Rozi Jones cites the results of a new survey by Intelliflo, software suppliers to financial and mortgage advisers. The survey finds that 44% of financial advisers have had direct experience of a cyber attack, with 30% experiencing them in their personal lives and 14% in their businesses.

In a separate poll, Intelliflo finds that 82% of consumers would sack their financial adviser if it were to become public that that adviser had been the victim of a cyber attack. 

Intelliflo told Jones that advisers needed to be more aware of how risky unsupported browsers can be. It found that 10% of its users currently use unsupported browsers or operating systems.

“The findings highlight … how important it is that advisers ensure they are using software for clients that is designed to protect data from malicious attacks,” said executive chairman of Intelliflo, Nick Eatock.
The number of computers across at least 150 countries that WannaCry affected

And he warned that it will become harder to keep potentially damaging news of cyber attacks under wraps once the General Data Protection Regulations come into force in May 2018. They will require all firms to report breaches that result in a risk to the rights and freedoms of individuals within 72 hours, making news of breaches publicly available. 

“In some cases you will be required to inform the individuals who have been affected by the breach,” Eatock added. 

Financial Reporter article
Shoring up security Not everyone in the financial services sector has been on the wrong side of the fallout from WannaCry and cyber crime in general.

The Wall Street Journal’s Rao reported that insurance firms have seen a rise in the purchase of cyber insurance, which has traditionally been most popular across consumer-facing sectors such as banking and retail. Now, firms in sectors such as manufacturing are increasingly investing in these policies.

And external auditors could see their services become more valuable as CFOs look for external help in quantifying cyber security risk. While there is currently no regulatory obligation to assess such risks, the American Institute of Certified Public Accountants is already issuing guidance to help its members provide clients with an independent opinion of how successfully cyber security risk is being managed. 

On the markets, cyber security stocks rallied in the wake of WannaCry as investors bet that concerned companies would go on an IT security spending spree. 

City AM's Lynsey Barber reported comments by Hargreaves Lansdown analyst Nick Hyett that “significant increases in public sector cyber defence spending now look inevitable”. Northern Capital Trust’s analyst Neil Campling concurred, saying he expected a spike in IT security solutions and revenue spend in the wake of WannaCry.

Against this backdrop, cloud network security firm Sophos saw its shares rise more than 7% on Monday 15 May; it was the highest climber on the FTSE 250 that day. Shares in AIM-listed ECSC climbed 25% and NCC Group saw a 2.7% hike. 

In the US, FireEye shares rose more than 7% and Symantec and Palo Alto Networks witnessed a climb of more than 3%.

If estimates from cyber security firm PGI are anything to go by, these stock bets could pay off. Barber reported PGI predictions that company spending on cyber security is set to grow by 10% in the UK and elsewhere in Europe as old outdated IT systems get refreshed.

Extra spending? Well that’s just another headache for corporate finance chiefs to contend with. 

City AM article
Seen a blog, news story or discussion online that you think might interest CISI members? Email rosalie.starling@wardour.co.uk.
Published: 19 May 2017
  • News
  • The Review
  • cyber crime
  • Word on the web

No Comments

Sign in to leave a comment

Leave a comment