Senior security leaders within financial services companies are challenged by a lack of trusted data to make effective security decisions and reduce their risk from cyberthreats, according to Panaseer’s 2020 Financial Services Security Metrics report. Results from a global external survey of over 400 security leaders that work in large financial services companies reveal concerns on security measurement and metrics that include data confidence, manual processes, resource wastage and request overload.
The results demonstrate myriad issues with the processes, people and technologies required to have a full understanding of an organisation’s cyber posture and the preventative measures required to stop a security control failure from becoming a security incident. The vast majority (96.77%) of respondents claimed they use metrics to measure their cyber posture, with the primary use for security metrics being risk management (41.69%), demonstrating success of security initiatives (28.04%), supporting security investment business cases (19.11%) and board/ executive reporting (10.17%).
Over a third (36.72%) of security leaders said that their biggest challenge is ‘trust in the data’ when creating metrics to measure and report on risk, followed by the resources required to produce them (21.34%), the frequency of requests (14.64%) and confusion over knowing what metric to use (15.3%). Less than half of respondents (47.75%) could claim to be ‘very confident’ that they are using the right security metrics to measure cyber-risk.