• Articles
  • February 17, 2021
  • Gareth Morris

Why financial companies are failing to recognise cybersecurity threats


The financial services industry is one of the most targeted sectors when it comes to cyber-attacks. In 2017, it suffered the highest volume of security incidents and the third highest volume of cyber-attacks, and that isn’t set to decrease any time soon for the financial sector.

Last year alone, the industry saw an 80% rise of attacks in the UK – that’s ten significant attacks per week. Clearly, cybersecurity threats are an issue for all financial service companies, so why are so many failing to recognise the risks? Our IT Security & Defence recruitment specialists at Evolution have teamed together to identify the reasons they see behind finance’s failure to keep up with cybercrime, starting with:

Failing to evolve

Cybercriminals are upskilling at an alarming rate. Phishing, malware, malicious code and DDoS attacks – they’re all becoming increasingly sophisticated, advanced and undetectable. Yet, one-third of businesses review their practices only once per year. Failing to keep up and evolve the skills of your cybersecurity team, or regularly reviewing your practices, simply means that you’ll fail to keep up with the threats.

Invest in cybersecurity IT professionals who are dedicated not only to keeping on top of the latest technology, but staying ahead of it, too.

Failing to look inside

Often, financial firms are so focused on the external cyber security threats that they neglect to consider the significant risks posed internally. Employees have authorised, and often unlimited, access to company networks, passwords, data and more – and it’s not only employees. Insider trading, theft and cybervandalism can be committed by temporary staff and contractors, too.

Ensure that your cybersecurity IT team is experienced in dealing with threats from all angles – whether that’s from cybercriminals, hacktivists, states or someone down the corridor.

Failing to acknowledge your weak links

All of your time and budget is focused on one area, when your weakest link is elsewhere. It’s often surprising for financial firms to hear that their weakest cybersecurity links are their employees and contractors. Inadvertent insiders were responsible for more than 20% of incidents last year. Phishing emails, password keyloggers, misplaced information – sometimes it's the most basic of attacks that do the worst damage.

Look for IT security candidates who have excellent communication skills and are eager to deliver regular security training to all employees, regardless of anyone’s technical ability.

Adopting a compliance-only approach

Keeping in line with cybersecurity regulations is a must, but those financial services who are strictly adhering to, not exceeding the guidelines, will fall foul of attacks. Cybercrime technology is advancing daily; too fast for regulations to keep up with. Financial firms eager to combat cybercrime need to stay ahead.

Attract the top cybersecurity talent by advertising for someone who isn’t afraid to step outside of the box and who will have the budget to secure your company beyond simple compliance.

Failing to recruit a diverse team

Women, millennials and professionals from different industries are vastly underrepresented in the cybersecurity world, but together, they present an unmissable opportunity to develop innovative, creative and unthought-of approaches to IT security and defence. The bigger the diversity in your cybersecurity team, the better.

Use a specialist cybersecurity recruitment consultancy for access to the untapped and passive market, to get IT candidates who bring a different dimension to your cybersecurity processes.

Failing to invest in cybersecurity talent

All too often, financial services make-do with an under-resourced and overworked team, or they outsource to inadequate third-party suppliers. If you’re not giving cybersecurity the respect it deserves by investing in cybersecurity IT employees and contractors, then you could be making a big mistake.

Use a specialist IT recruitment consultancy to access the top cybersecurity talent, whether that’s permanent employees, temporary staff or contractors. At Evolution Recruitment Solutions, we ensure that all of our cybersecurity candidates have experience with the latest threats, tools and technology, including AI, machine learning and robotic process automation.

Cybersecurity in financial services is crucially important. Cyber-attacks are not only disruptive, but they also impact your brand, customers, operations, services and budget; last month, Tesco plc was fined £16.4 million for the cyber-attack against its current account holders. Plus, with the IoT connected devices and cloud computing becoming increasingly popular, financial services are increasing their exposure, without increasing their prevention methods.

Get in touch

Speak to one of our specialist IT Security & Defence recruitment consultants today about finding the top talent to protect your business.


Contact us today.