Is Fintech Investing Enough in Cybersecurity?

Recent years have seen an explosion in the popularity of fintech businesses. With a huge rise in the number of alternatives to major banks, as well as launch of platforms for cryptocurrencies and other tech solutions for the financial services industry, perhaps it is no surprise that the industry has gained traction.

But along with its growth in popularity, the fintech industry has also seen an astonishing rise in cybercrime. This has led to questions over whether the sector is putting into their cybersecurity. Perhaps a key part of this is down to the famously well-protected banking sector. 

Fintech companies vs. banking cybersecurity

The banking sector is one that is well known for its well funded and exhaustive cybersecurity protections. They then go on to assume that fintech businesses will automatically have the same levels of cybersecurity protection. However, this is not guaranteed to be the case, and it has led to instances where customers have felt let down by perceived failings from fintech businesses.

The fact is that businesses in the banking sector are highly regulated. Maciej Markiewicz at NetGuru explains: “Cybersecurity in banking is enforced through legal regulations, which require banks to provide reliable and secure services and to implement robust cybersecurity procedures and operational processes aimed at optimising those services. Since fintech providers aren’t banks, they aren’t as strictly regulated and have greater flexibility in adjusting to the existing requirements”. 

This ultimately means that fintech businesses are able to operate without such powerful cybersecurity. However, this makes those businesses potentially highly value targets for cybercriminals. 

Fintech is increasingly being targeted

Cybercrime is rising for all industries. It is simply the case that every business must up their game in terms of their cybersecurity if they want to stay protected. However, fintech businesses are being targeted above and beyond many other industries. And there are actually a number of reasons why this is the case.

According to one source, incidents of cybercrime against companies in the financial services industries have risen by 238% in the past year. What makes fintech companies such an attractive target is that they are directly involved in financial transactions, they store a great deal of customer data and the fast pace of change in the industry as a whole can make it difficult to protect. They are therefore less likely than other institutions to have powerful cybersecurity in place. 

Key cyber threats to fintech

As we have seen and unfortunately for those running fintech businesses, there are many things that make them attractive targets for cybercrime. Certain types of threats can be deployed against fintech businesses that have not put adequate defences in place. Here are some of the key cyber threats facing this sector:

• Money theft – this is perhaps the most simple and obvious. Fintech companies process transactions involving significant sums of money. If criminals can find a way to exploit a business it can directly steal money from either the company itself, or from its customers. 
• Identity theft – the amount of personal data that fintech businesses store make them a target. Schemes using social engineering can allow cybercriminal to steal identities and either launch further attacks to sell details on. 
• Data breach – not all cybercrime is targeted at stealing money directly. Many fintech businesses have a great deal of valuable data and information. Some criminals are more interested in stealing this data, which might include trade secrets or key business information. 
• Ransomware – another form of attack commonly deployed against fintech companies is that of ransomware. In this type of attack, criminals steal all of the data on a company’s system and demand a ransom be paid before returning it. Failure to pay the ransom will see customers’ data published. 

Key cybersecurity investments for fintech businesses

There are a number of investments that all fintech businesses – no matter their size – would benefit from. Given that this can be simply given as a blanket statement indicates there really is no excuse for companies not to put their money behind powerful cybersecurity measures. Of course, each will need to be customised around the specific needs of the business, but their usefulness is universal.

Some of the key cybersecurity investments for businesses in the fintech sector include:

• 24/7 monitoring – it is no longer the case that reactive forms of cybersecurity, such as firewalls and antivirus software, are enough to keep you secure. Modern cybersecurity, especially for businesses in the tech sector, requires constantly monitoring and supervision by professionals. Cybersecurity solutions specialist Matthew Kaveney explains: “In-house security monitoring can become a tedious task. With so many alerts popping up per day, it can be difficult for in-house IT to keep up. Professional 24/7 monitoring tools like artificial intelligence and automation can be used to their fullest extent.”
• Penetration testing – penetration or ‘pen’ testing is “a form of ethical cybersecurity assessment designed to identify and safely exploit vulnerabilities affecting computer networks, systems, applications and websites”. It is used to finding issues that could potentially be exploited by cybercriminals, and then providing the organisation with information on how to fix and mitigate the issues.
• Traditional cybersecurity – we spoke above about how reactive cybersecurity isn’t enough on its own. However, it still has an important role to play in keeping businesses secure. Ensuring that you have properly set up antivirus and firewall software, and to make sure that these are regularly updated. 

Are fintech companies investing enough?

With cybercrime on the rise, fintech businesses need to take cybersecurity very seriously. Those companies that aren’t putting in the investment expose themselves to a significant level of risk. With more customers likely to come to fintech businesses over the coming years, as the general public becomes more accustomed to the industry, it will be up to businesses to do everything they can to keep their systems protected, to keep their customers safe.