Every business is unique, and as a result the way in which every business manages identity and access management (IAM) is unique. We recently ran research with 700 global IT and security professionals to understand how IAM trends are impacted by vertical. In the report, An Industry-Driven View of Identity and Access Management, we found that a one-size-fits-all approach to IAM does not work and each industry has unique IAM strategies, challenges and priorities as a result.
The finance industry manages a high volume of risk
Financial organizations are tasked with protecting large volumes of money, and highly sensitive data is handled daily. Compliance mandates – such as the Financial Action Task Force (TASF), Bank Secrecy Act (BSA) and the EU’s Fifth Anti-Money Laundering Directive (5AMLD) – demand high standards in the way money and data are managed in order to avoid abuse and crime.
At the same time, finance continues to be a top target for a wide range of cyberattacks – both the organizations themselves and their individual customers. According to the 2020 Verizon Data Breach Investigations Reports, 86% of data breaches are financially motivated.
The high cost of cybercrime
Unfortunately, attacks in the finance industry are often successful. We found that 35% of finance organizations have had hackers gain access to their organization.
Data breach remediation can be costly. Resources must be allocated to find and close any security gaps, and sometimes outside experts are needed to complete an investigation. Lawsuits, loss of customers, and disruption to daily operations can all negatively impact the bottom line. It’s not surprising, then, that the finance industry experiences the highest cybercrime costs of all verticals at an average of $18.3 million per year.
In short, the combination of attractive targets and highly motivated attackers leaves the finance industry in a very vulnerable position. Preventing a data breach is a top priority.
Reducing risk with IAM
70% of respondents in finance indicated reducing risk is a priority when building their IAM strategy. Given the threats they face, it’s understandable that any IAM improvements must demonstrate security enhancements.
According to the report, a lack of budget isn’t as much of a challenge in this industry – only 17% indicated it is – so finance can continue to invest in better integrated solutions that holistically address access and authentication challenges. 32% plan to invest in password management – 10% more than other verticals – likely because employees are sharing sensitive credentials. 55% have already invested in MFA, but organizations could do more. MFA across applications, workstations, and VPN is a simple way to reduce risk and also makes audits and compliance mandates easier to achieve.
To address these challenges, 58% of respondents in finance say they need an integrated system to set, manage, and monitor policies.
Discover the full impact of how industry requirements shape IAM strategies in the new report An Industry-Driven View of Identity and Access Management or view our on-demand webinar How Risk Drives the Finance Industry’s IAM Strategy.