Financial services firms have "structural deficiencies" in how they manage cybersecurity, which leaves them exposed to gaps in protection.

That's according to a white paper from External IT, a provider of cloud computing, titled "Financial Services Firms Face Further Scrutiny of Their Cybersecurity Practices: Is Your Firm Ready?"

The paper not only explores common shortcomings in firms' efforts to safeguard their data, but also offers suggestions on what firms need to do to protect clients' data while at the same time being compliant.

Recommended For You

The paper identifies what it says are three key areas in which financial services firms fall short in protecting themselves:

1. The first area is a tendency to lack an official security information security policy and proactive auditing of IT and IT security.

2. The second is the frequent ability of the firm's employees to move company data back and forth from office devices to personal and home devices, generally untracked and unaccountable.

3. The third area is a lack of disaster recovery or business continuity plans already in place, should an emergency occur.

Of course, firms have other issues, such as a lack of vigilance to identify security breaches, coupled with failure to take firm and decisive action should such a breach be uncovered. Instead, the company said that firms tend either to delegate IT responsibilities to the chief technical officer or to hire an outside consultant, "both of whom are often ill-informed and reactive, rather than proactive."

In addition, failure to sufficiently vet third-party vendors, or to use vendors whose technology isn't up to the challenge, is another shortfall—as is a failure to keep records of software and data that third-party vendors, including those hired to mitigate cybersecurity risks, can access.

 

How can you transform your risk management preparedness and response strategy into a competitive advantage?

Introducing ALM's cyberSecure — A two-day event designed to provide the insights and connections necessary to implement a preparedness and response strategy that changes the conversation from financial risk to competitive advantage. Learn more about how this inaugural event can help you reduce risk and add business value.

NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.