Insights from Survey of Financial Services Cyber Leaders in Asia-Pacific
Akamai conducted a groundbreaking survey of cybersecurity leaders within the financial services industry in a strategic year-long initiative across the dynamic landscape of the financial services industry in the Asia-Pacific region. This comprehensive effort not only sought to educate decision-makers but also aimed to shine a light on prevailing threats and to offer actionable recommendations to fortify security postures.
Unveiling challenges and opportunities
At the heart of this strategic program were the Financial Services Cyber Leaders Dialogue roundtables, conducted across eight sessions in the first half of 2023. The aggregate results form the cornerstone of a consolidated Asia-Pacific report, supplemented by specific country reports for Australia, India, and Vietnam.
The Asia-Pacific region is experiencing a rapidly evolving digital economy and technology landscape. However, this innovation brings on an increase in cybercriminal activity; in fact, financial services in the Asia-Pacific region is one of the most targeted industries globally.
According to Akamai’s recent State of the Internet report, The High Stakes of Innovation: Attack Trends in Financial Services, the period from Q2 2022 to Q2 2023 witnessed a 36% surge in web application and API attacks, totaling more than 3.7 billion attacks. This increase in the number of attacks, along with increased data protection scrutiny and regulatory enforcement following high-profile breaches, makes today’s cyber risk landscape notably challenging.
Risk tolerance and investment challenges
A significant revelation from the survey was the impact of risk tolerance on cybersecurity investments. Approximately 33% of respondents indicated a high-risk tolerance, which hinders increased security investment. Intriguingly, 57% highlighted that senior leadership perceived existing risks as inadequate to warrant additional security investments.
Moreover, one-third of participants faced resource challenges that impeded the implementation of new security controls. This underscores the need for organizations to overcome these obstacles and allocate resources effectively to enhance cybersecurity measures.
In a landscape where cyberthreats are evolving and growing, the financial burden of cybercrime is anticipated to reach a staggering US$10.5 trillion by 2025. The ascendance of cybersecurity to a board-level consideration becomes imperative as the consequences of an unchecked attack could disrupt financial systems, endangering critical infrastructure and potentially triggering a cascading effect on financial stability.
The complex landscape of visibility and threat intelligence
Data theft emerged as the predominant security risk, closely followed by concerns about system downtime, compliance issues, and additional data theft. Web application and API attacks took center stage due to their escalating frequency and increasing sophistication. This underscores the critical need for financial institutions to gain visibility into their critical applications, data, and dependencies.
API security challenges also came to the fore, with a striking 40% of respondents identifying API discovery and a lack of visibility into attack activity as the foremost API security issue. Practical recommendations included discovering and cataloging APIs, conducting vulnerability testing, implementing specialized API security tools, and adopting consistent API policies.
DDoS, bots, phishing, and ransomware remain top concerns
Malicious bots emerged as a significant apprehension, with a striking 90% of respondents expressing concern, and half deeming it a "major concern." Surprisingly, despite the fact that 40% of those surveyed experienced distributed denial-of-service (DDoS) attacks in the past year, only 31% considered it a top business concern. The survey revealed a 22% surge in DDoS attacks that targeted financial services in the past year, underscoring a heightened threat landscape.
Phishing attacks also posed a substantial challenge, with more than 50,000 new phishing websites created weekly. Alarmingly, 47% of phishing attacks targeted financial institutions in the Asia-Pacific region. Furthermore, only 41% of respondents expressed confidence in their ability to mitigate a ransomware attack, highlighting the need for a proactive approach to cybersecurity.
Fortifying the financial services industry in Asia-Pacific
While cyberthreats transcend borders, cybersecurity regulation in the Asia-Pacific region remains fractured and localized. The active development of cybersecurity regulations across jurisdictions continues, and financial institutions must keep pace with changes and refinements.
Amid the emergence of numerous regulations and standards, the underlying direction and overarching themes are clear. Financial institutions that build cybersecurity programs with the mandate of full visibility into the technology ecosystem, designed with resilience and vigilance, guided by a company-wide strategy, and supported by strong governance measures from the board, will be well-placed to meet evolving standards.
Collaboration, innovation, and adaptability are essential
The results of Akamai's Financial Services Cyber Leaders Survey provide a nuanced understanding of the cybersecurity landscape in the Asia-Pacific region. As financial institutions navigate an increasingly complex threat environment, the survey serves as a compass, guiding leaders to address challenges and implement practical solutions.
From adopting a Zero Trust architecture to updating incident response playbooks, the imperative is clear — collaboration, innovation, and adaptability are essential for safeguarding organizations in this era of evolving cyberthreats.
