Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account
Why Cisco FSI
Effective Security for Financial Services Organizations
Stay ahead of tomorrow’s cyber threats
Background: Why security is so important for financial services
By the numbers
  • Out of 17 industries surveyed, the financial services industry has the highest costs for cyber attacks.
  • The average cost of a cyber attack in the financial services industry is $16.53 million, whereas the global average across all industries is $9.5 million.
  • In other words, a cyber attack for financial services firms is almost 80% more costly than in other industries.
  • Only 55% of financial services firms investigate daily security alerts.
  • Of the ones they investigate, 28% are considered legitimate.
  • Yet only 43% of those legitimate threats are addressed.
  • Financial organizations are particularly at risk from distributed-denial-of-service attacks, which can cost an organization more than $1 million.
  • 61% of incidents affecting online banking come with additional costs, such as leaks of confidential data and the loss of brand reputation. Surprisingly, the figure is double the price of recovering from a malware attack, which costs as much as $825,000 on average to resolve.

Source: Ponemon Institute study in October 2016.

Security Threats A lay of the land for financial services organizations

Hackers demonstrate a level of sophistication and professionalism that challenges the business’s ability to cope. Motivated by financial gain and sometimes hacktivism, they understand their targets—down to their likes and dislikes and how they conduct business. They exploit any weakness they find ruthlessly. This all means that attackers are agile, while companies can’t always say the same.

Why is effective security so important right now for financial services?

  • High consumer expectations

    Consumers expect digital account access and the ability to complete transactions at any time from any device. To compete, you need to proactively reduce security risks in your omnichannel (while addressing federal compliance concerns—which many small FinTech firms don’t have to manage).

  • Compliance, risk, and regulation

    There’s an incredible focus on compliance, risk, and regulation in financial services, even above innovation and competitive advantage. Custom applications often have to be built around compliance standards and legacy systems that cannot be migrated or integrated. This makes the addition of new, consumer-friendly digital technologies a lengthy and expensive process.

  • Hackers are getting smarter

    “Business as usual” can result in major data breaches. Cyber criminals are too smart for information security teams to become complacent. Staying ahead of threats requires detection and response via analytics, big data, and machine learning. You need a network that’s learning, adapting, and protecting – one that gets smarter every time someone tries to hack it.

  • Multiple access points

    Amid increasing security threats and compliance requirements, security capabilities must span the entire spectrum of the enterprise, including the data center, cloud connections, and all fixed and mobile endpoints. Digital transformation requires a secure infrastructure that operates at digital speed, quickly identifying and containing threats while protecting customer data and remaining compliant.

Security strategies How to keep your institution safe in the digital age

Threats are constantly evolving. Security is just as fluid. Your institution could be secure one minute, and everything could change when a new vulnerability is introduced or discovered.

The question to ask is not “Are we secure?” but rather “Does our institution have an effective security posture?”.

Are we secure?

An effective security posture starts with the following:


Blocking more threats outright. his is your first line of defense. Stop malware before it even reaches your network or endpoints, so that you can spend less time remediating infections later.

Detection and response

You can’t rely on prevention alone. The industry average for detecting a threat on a network is 100 days. See what is happening on your network, endpoints, and cloud. You can’t fix what you don’t have knowledge of. Once threats breach your initial defenses, the next step is to mitigate them, and fast. The goal is to minimize the time between detection and response.

Integration and automation

Reduce the burden on teams while accelerating the time to detect and respond to threats. An integrated threat defense starts with products that have some automation in their own right, but that also work seamlessly together for automated security across the integrated architecture. Automation can be your force multiplier, helping make IT more effective and productive. You need a force multiplier that can quickly, easily, and intelligently take action across all of your security solutions, so that you can then focus efforts where they are needed most.


Your institution should look not only at its own data but also at data from other trusted sources and open source communities, to understand attacks from all angles.

Security Solutions Technology that can help you detect and defeat cyber threats
  • Identifying threats

    Identify threats – even inside encrypted data – and block them to limit the need to remediate infections later.


  • Restricting access

    Restrict certain users from accessing apps with sensitive information within other areas of the organization.


  • Limiting impact

    Limit the impact of data breaches and compromised devices, and prevent lateral movement of threats through segmentation of users.

    Stealthwatch® Cisco TrustSec®

  • Leveraging the cloud

    Provide secure guest and corporate Internet access at the branch, and set up new, more secure branches in less time. Protect all users regardless of location or device.

    Cisco Umbrella

  • Finding and containing problems fast

    Find, stop, and remove malicious content with easy-to-use tools.


For more information about securing your financial services organization, explore our website:

Next page
Previous page