Blog

IT Trends in the Finance Sector: companies aren’t doing enough to protect themselves from cyberattacks

Written by NOVIPRO | May 26, 2020 4:00:00 AM

Investing in cybersecurity has never been as important as it is today. This is true in all industries, but especially in the financial services sector where 70% of businesses keep records of their customers’ personal data, such as credit card or social insurance numbers.

This finding comes from our annual publication, IT Trends in Medium and Large-Sized Canadian Companies. The report draws concerning conclusions about data protection, despite highly publicized security breaches in the banking sector last year.

While less than half (48%) of Canadian companies have reviewed their data protection practices, financial sector businesses are even less proactive, with 38% maintaining their existing practices. That’s a significant proportion of companies that haven’t done anything to enhance security, despite recent headlines on the topic.

These numbers are particularly alarming when you consider that 40% have fallen prey to a cyberattack in the past year. In response to the threat, 58% invested in software and 52% hired security specialists, but none (0%) has updated its approaches, practices or security tools. On a more encouraging note, the majority (51%) of financial services companies said security solutions would figure among their major IT investments planned for the next two years.

1- Cyberattacks on the rise

Cyberattacks on Canadian companies are steadily increasing, striking 37% in 2019, compared with 28% in 2018. In the financial sector, 57% of breaches were caused by an internal source, which means employees unwittingly let them in. What have businesses done to stop data leaks from happening? The most common preventive measures include advanced email protection (46%), event correlation tools (41%) and intrusion detection software (35%).

“Finance is a conservative, tightly regulated field with rigorously enforced standards,” explains Yves Paquette, co-founder and CEO of NOVIPRO. “This might explain why the IT infrastructure of so many financial sector companies was described as merely functional.”

While 72% of financial sector organizations described their infrastructure as functional, just 25% considered theirs cutting-edge. Where in-house expertise was concerned, 70% said their teams had the know-how needed to update and transform their IT.

In addition to assessing cybersecurity issues, our survey also looked at IT staffing issues and newer technologies like artificial intelligence (AI) and cloud computing. Here’s what we uncovered.

2- Artificial Intelligence: Not mainstream yet

More than one-third (36%) of financial services companies plans to make AI investments in the next two years, which is on par with the national cross-industry average. Nearly half (47%) are doing so because they want to improve productivity, while the same proportion (47%) hopes to decipher market trends.

But it’s hard to know whether or not AI has already started to affect finance firms. While 37% say they’ve already noticed the impact, 32% expect to see disruptions within 1 or 2 years, and 21% think it will take 3 to 5 years.

“Banks and financial services firms are probably investing more than they think in AI,” says Éric Cothenet, Director of Technology Solutions at NOVIPRO. “And if they aren’t, they should be. Cybersecurity is the issue of the day and most of the tools we use to fight off cyberattacks are AI driven.”

3- All eyes on the cloud

Cloud computing has already helped 53% of financial industry businesses boost their efficiency. Another 36% acknowledge that cloud solutions are the way of the future but they’re just not ready to invest in it yet. Just 8% believe it’s not a viable solution for their needs. It’s clear that cloud technology will continue to make inroads in the financial services sector over the next few years, though different companies plan to use it for different reasons. These include analytics (47%), data storage (45%), customer relations management (45%), and ERPs (39%). On the other end of the scale, just 20% of these companies say they’ll use cloud technology for disaster recovery.

The reasons cited for switching over to the cloud include reducing costs (55%), increasing agility and flexibility (43%) and updating their IT infrastructure (42%).

4- Human resources: Still a major challenge

The country-wide labour shortage hasn’t spared the finance sector, with firms still having trouble finding the right IT specialists for their needs. That said, financial services respondents said their biggest human resources concern was a lack of training and skills development (62%), which was also the primary issue for Canadian businesses as a whole (64%). Unsurprisingly, finance businesses reported challenges in attracting and retaining key workers (58%), with work–life balance issues (52%) also posing a problem.

Given how fast technology is evolving, training issues will probably continue to be a top priority for these companies for some time yet.

5- Security as a key differentiator

Financial industry businesses have to work hard if they want to differentiate themselves in the digital age, especially in the area of cybersecurity. “Companies need to quit thinking of information assets as a sunk cost,” says Alina Dulipovici, associate professor in HEC Montreal’s Department of Information Technology. “Information assets are actually a strategic investment that helps them achieve their business objectives.”  

In a time when public trust about personal data protection is waning, financial industry businesses need to see security investments as a means of improving their service offering and protecting their reputation.

Learn more about the 2020 TI NOVIPRO/LÉGER study: download the full study.