by John Hawes
US financial companies are the best protected against the risk of cyberattack, with the energy and retail sectors not too far behind. In contrast, technology businesses consistently rate far lower, according to a study by risk analysis firm BitSight.
The study is based on the firm’s security risk rating system, which analyses factors such as data breaches, the levels of spam and botnet traffic observed coming from within a company’s IP space, and how long it takes to mop up breaches and infections.
It looked at 70 Fortune 200 companies over the 12 months leading up to September 2013. The results show a noticeable dip around April this year, apparently coinciding with a general uptick in the threat level at around that time.
This wave hit the energy sector hardest, dropping its rating to below that of retail, where it stayed for the rest of the year. Finance maintained a clear lead throughout, and technology lagged well behind for the entire period.
Financial institutions are clearly the choicest of targets for cybercrooks, combining the potential for huge one-off digital heists with access to customer data which can be leveraged into similarly huge sums through multiple smaller frauds.
Banks have also been subject to numerous hacktivist attacks in recent years, although perhaps not so much in the last year.
They appear to be doing a reasonable job of maintaining their security borders, and it is suggested that this is mainly because they take such things more seriously.
The BitSight report cites a survey, conducted in 2012 by Carnegie Mellon University’s CyLab, which found that financial firms are far more likely to employ high-level executives with explicit responsibility for security and risk (CSOs, CISOs, and Chief Risk Officers).