Posted on February 17, 2023
If you are subject to a cyber-attack, your response time is vital to diminishing the impact on your business. On average, companies take 197 days to identify and 69 days to contain a breach, according to IBM. The average number of days for financial services firms to identify a breach is 163, according to the report. According to Microsoft’s Digital Defence Report, the average time it takes an attacker to begin moving laterally within the network once a device is compromised is as short as 1h 42min. While financial services firms are amongst the best prepared and most capable organisations at detecting and responding to cyber incidents, due to the value of the data that they hold, we are still some way off any ideal in terms of identifying and containing attacks.
New requirement on reporting
Currently, there is no legal requirement for a firm to report an attack to the FCA in the UK. Figures show just 116 attacks were reported to the organisation in 2021 and a mere 76 in 2020. The FCA regulates around 48,000 firms in the UK, so it is clear that not all attacks are being identified and, even when they are, they are not necessarily reported. While there is a strong narrative from the FCA around new regulation regarding cyber-attacks, there isn’t currently any recommendation on how quickly firms should be able to identify and then report an attack.
Timely notification of incidents
The Securities and Exchange Commission (SEC) in the US has gone a step further and published proposed amendments to its regulatory requirements that would require current and periodical reporting of incidents, allowing just 4 working days for an incident to be reported. The proposed amendments are intended to better inform investors about a regulated firm’s risk management, strategy and governance, and also to provide timely notification to investors of material cybersecurity incidents. It is important to note that, in the case of both the FCA and the SEC, what is and what is not a material cybersecurity incident for the purpose of disclosure is open to subjective interpretation, is not clear at this stage and will be difficult to categorise.
The impact of time
Regardless of regulatory requirements now or in the future, the IBM report, along with other industry commentary, shows that a key challenge for firms is the speed at which a business can identify, categorise and remediate following an incident. The impact of the length of time to remediation is difficult to measure and depends not only on the nature of the attack but also on what your current security posture includes.
Near real time visibility
Prepare thoroughly. Strategic investment in security technologies that can enable insights in near real time is the cornerstone on which all other security measures build; this level of technology is attainable for any organisation with the support of a third-party specialist. Today’s reality is cyber security that mitigates risk for your firm. Near real time insights can be achieved partly through built-in automation for reporting purposes, which helps eliminate the chance of human error, while also increasing detection of a security threat by tailoring workflows according to your specific business requirements.
Ensuring you have a panoramic view of your data and virtual network is vital; eliminating third-party platforms that are not monitored by your security systems is essential to manage data visibility in case of a data breach.
Training and awareness programmes for your team will increase awareness of what an attack might look like.
Adequate budget to implement the security technologies you require to meet regulatory and investor standards must be in place.
A thorough policies and procedures programme that includes regular audits and assessments will also help you see in real time whether the technology you have in place is supporting your cyber needs.
Which of these steps would have the biggest impact on your operational resilience?
Consult with our team for a baseline assessment and you will get a detailed analysis of your current performance, which is then benchmarked. We will share itemised recommendations for any improvements that are required, as well as their impact on your overall performance, so that you can prioritise accordingly. No security operations team of your own? We can implement the recommendations and deliver your roadmap to improved operational resilience.