The financial services industry is among the most attractive to cybercriminals: Consider the potential financial gain of mining enormous amounts of personally identifiable customer information and an endless volume of monetary transactions. From banks to insurance companies, businesses in this space have access to a plethora of documents with highly sensitive customer information, says Angela Kramer, an RSM financial services senior analyst.
“Financial institutions are heavily reliant on digital platforms, and consumers who need to originate a loan for a car or house typically do it through a software program or online,” says Kramer. “That amplifies the complexity of cybersecurity threats, and risk leaders need to help mitigate that complexity.”
Over the last year, regulators have introduced new cybersecurity rules requiring institutions to elevate their standards to bolster protection against such threats. Such regulations include the U.S. Federal Trade Commission’s amendment to its Standards for Safeguarding Customer Information, which requires all nonbanking financial institutions to report a data breach incident within 30 days after discovery if it involves the information of at least 500 consumers. That Safeguards Rule update will take effect in May 2024.