By: Tom Bain, SVP Marketing, RiskRecon
RiskRecon and Cyentia are back. We’re excited to announce that we have a full agenda of research and insights to deliver to the market this year.
We released a report Tuesday intending to measure the key dimensions of risk that directly influence potential risk exposures for Finance sector organizations.
Why does this report matter?
If you’re a third-party risk practitioner or part of a cybersecurity team in Financial Services, you probably have a decent handle on identifying internal risk, as well as knowing, and being able to document, the cyber controls you have in place.
Second, you likely have an understanding of how your business makes money, based on how the business is structured to deliver services around financial processes, transactions, etc. This is an excellent step in aligning cyber risk with business risk.
However, you might not know exactly how your organization is viewed externally, or which web-facing IT assets might introduce a potential set of risk factors. This is a blind spot that isn’t limited just to the Finance sector, where organizations on their own don’t have a viable option to visualize and prioritize risk – for their organization, and for their third and fourth parties.
RiskRecon delivers this external visibility and risk prioritization through analytics and workflow that help organizations solve this issue. Through our approach, we deliver this objective external view, so that organizations understand their cyber risk posture. This is the equivalent view for how a potential attacker would target a company, knowing the vulnerable pathways to get to data – a predictive view of potentially dangerous cyber conditions you might face.
What’s in This Report for You?
The goal of this research initiative with the Cyentia Institute is to analyze a subset of our own data, sliced vertically across Finance sector companies.
The result is a data set that enables security and third-party risk teams to benchmark digital risk factors they face against other industries, even sub-sectors within the Financial Services market.
Insights you'll find in this report:
- The financial sector boasts the lowest rate of high and critical security exposures among all sectors. This indicates they’re doing a good job managing risk overall.
- Not all types of financial service firms appear to be managing risk equally well. For example, the rate of severe findings in the smallest commercial banks is 4x higher than that of the largest banks.
- It’s not just small community banks struggling, however. Securities and Commodities firms show a disconcerting combination of having the largest deployment of high-value assets AND the highest rate of critical security exposures.
- Others appear to be exceeding the norm. Take credit card issuers: they typically have the largest Internet footprint but balance that by maintaining the lowest rate of security exposures.
- Finally, the industry average rate of severe security findings in critical cloud-based assets is 3.5x that of assets hosted on-premises.
Research is research and data is data. However, we’ve provided a detailed set of recommendations based on the insights within the report that sets our new series of research releases apart in this market.
We’ve oriented these suggestions for third-party risk and cybersecurity teams at Financial firms to think differently about their overall risk surface, and what they are potentially exposing to the Internet. With the interdependencies on the third- and fourth-party organizations you need to run your business, it’s important to shift your mindset to the fact that their risk is your risk. Download this report today to see the full results of our study.