Financial organisations are under pressure to increase security


Amir Sohrabi | Area Vice President | Emerging Markets | Citrix | mail me

Banks and financial service institutions (FSIs) come under pressure from government, shareholders, employees and customers as security risks increase during the pandemic.

98 percent of IT decision makers working in banks and FSIs in South Africa are under pressure to level up their security protocols, according to our new research.

This comes as 75 percent see IT security risks in the industry increasing since the start of the COVID-19 pandemic.

About the research

We worked with OnePoll to survey 600 IT managers and above in the financial services and banking sectors in South Africa, Saudi Arabia and UAE. 200 South African respondents were polled in the research, which took place in August 2021.

Employees are most likely to be pressurising their organisation to increase security, with 55 percent of IT pros reporting pressure from this group, followed by government (48%), customers (43%) and shareholders (33%).

Perhaps in response to these demands, 61 percent of respondents report that security has become a top priority in their organisation over the past 18 months. They join the further 30 percent who report that it has been a top priority ‘for years’.

It is no surprise that security has become an even greater priority since the pandemic began. As remote work became ubiquitous overnight, and employees were more likely to be distracted by personal and professional stressors, cyberattacks have increased across the globe.

This research highlights that both internal and external stakeholders have recognised the challenges, which are especially pertinent in a sector like finance.

Technology maturity

Technology maturity, namely Zero Trust and digital workspace, is driving confidence. However, despite the increase in cyber attacks and the changing demands and pressures upon them; 89 percent of IT decision makers claim they are comfortable with their IT security provisions, with 36 percent of those saying they are ‘very comfortable’.

87 percent also believe that the IT security teams in their organisations have ‘all the skills necessary’ to handle today’s challenges.

This confidence may come, at least in part, from the fact that many organisations are replacing their traditional VPN solutions with Zero Trust, cloud-based services. 48 percent of respondents have already implemented this, with another 44 percent planning to do so in the next 12 months.

A further seven percent plan to follow suit in the longer term. The biggest drivers behind this decision are improving security for access using BYO devices (41%), improving end-user experience (37%), consolidating multiple point products (35%) and having an agile and secure remote work strategy (33%).

In addition, 86 percent of IT decision makers report that they are satisfied with the digital workspace solutions their organisation has used to support remote work, over the past 18 months.

45 percent of respondents implemented these digital workspace solutions in response to the mandate to work from home last March, while a further 46 percent already had them in place prior to the pandemic.

A further nine percent plan to provide their teams with digital workspace solutions in the future, leaving just one percent without this technology in the long term.

Of the other technologies that organisations have in place to support remote working, the most popular are virtual desktops and apps (51%), video conferencing / streaming (47%), and collaboration tools such as Slack or Microsoft Teams (42%).

Skills and training gaps present potential vulnerabilities

Whilst the majority of IT decision makers feel they have the right teams in place to support their organisations’ current security posture, there may be challenges on the horizon.

74 percent of respondents admit that they will need to hire externally to get the right skills in the future, while 64 percent feel that at some point, IT security teams in their organisation ‘will need to be entirely reskilled’.

Additionally, the research uncovers some gaps in wider security training for employees of banks and FSIs. 43 percent of respondents say that security training for all employees at their organisation is provided less than once a year, with 1% admitting it is ‘never’ provided.

The challenges caused by the pandemic and the pressures put on IT decision makers by key stakeholder groups, have led to security soaring up the priority list for many financial organisations.

In conclusion

The last 18 months have clearly been a time of great change, with new technologies being implemented, so it’s highly encouraging to see most IT managers in this sector adapt and accelerate, to ensure they have the correct security posture in place.

However, this is no time to get complacent and there is clearly an opportunity for businesses to future-proof their security by upskilling their IT teams and providing regular training for the wider employee group.

There has been an alarming increase in cyberattacks since the start of the pandemic, and many of these come as a result of human error. The importance of dedicated annual training, therefore, cannot be underestimated.



Please enter your comment!
Please enter your name here