Dec 19 2023

Financial Companies Should Update Their Cybersecurity Incident Response Plans

Every company in the industry has an incident response plan, but not every plan is up to the challenge.  

Financial services companies are under increasing threat from cybersecurity attacks. As noted by the American Banking Journal, more than 60 percent of global financial institutions with assets of $5 billion or more were targeted by cybercriminals in 2022. Financial services companies, in fact, are second only to manufacturing in terms of the prevalence of attacks, with 18.9 percent of attacks worldwide directed at the industry.

Incident response plans are essential to both mitigate the impact of these attacks and ensure alignment with evolving compliance regulations. For many firms, however, there’s a disconnect between planning and action; while they generally have IR processes in place, they’re not sure if their plans will hold up when an attack inevitably happens.

Here’s a look at what banks are doing now, what needs to change, and how financial organizations can make it happen.

Is Your Institution's Incident Response Plan Good Enough?

Banks are required to have IR plans, and they do. But if you ask, you learn that many are not sure how well these plans will stand up under stress. Consider the regulatory requirement for banks to report cyberattacks within 72 hours of occurrence. If IR plans can’t keep pace with evolving attacks, financial firms could find themselves outside the 72-hour window before an attack is even detected, much less reported and mitigated.

Given that the average time to detection and remediation of a cyberattack is now 287 days, organizations can’t afford IR plans that are all style and no substance. Part of the problem is that while firms have a general sense of how they will respond to a cyberattack, very few actually conduct dry runs. In addition, many companies don’t train people beyond the IT team in IR processes. Given that attacks often start at the edge of business networks, incident response is for everyone.

3 Crucial Steps for Better Cybersecurity Incident Response 

What needs to happen to make sure a financial services firm’s IR plan is effective?

First, companies need to conduct regular penetration testing to understand where networks may be vulnerable, such as via internal applications or cloud-based services. Second, they need to carry out simulated attacks that test IR plans in action. Are the people notified at the right time? Do they have the tools and technologies needed to address the issue? Finally, companies need to update their IR plans based on the results of these tests.

Ideally, penetration testing should be carried out annually or whenever there is a change in infrastructure. Simulated attacks should occur annually, and in any case no more than three years apart. IR plans should be updated in response to changes in personnel, IT tools, or infrastructure.


The percentage of global financial institutions with assets of $5 billion or more that were targeted by cybercriminals in 2022

Source: American Banking Journal, Annual Report 2022 Contrast Security

How to Start Improving Your Incident Response Plan Today

Put simply, financial services companies need outside help. This isn’t because they’re incapable of creating or testing effective IR plans; it’s due to the confluence of two key factors.

The first factor is time. Financial cybersecurity teams already have their hands full managing cloud, mobile and connected-device environments. The second is familiarity. Despite best efforts, in-house IT teams are naturally biased. Because they know their systems firsthand, they can never be impartial. At best, this leads to small security gaps being overlooked. At worst, it creates a new path for attackers.

Security services from CDW can help. Along with a triage of incidents, development of indicators of compromise (IOCs) and assistance with containment, financial firms also receive an IT security incident response report that details investigative methods, security findings and remediation recommendations.

Depending on current budgets and security requirements, financial services companies can select the retainer-based program that works best for them. The Basic program is no-cost and provides all the services mentioned above. Essential Lite adds recovery time objective assistance, while Essential includes 80 retainer hours and 16 hours of preparedness services. Premium-level service provides 120 retainer hours and 40 hours of preparedness.

The bottom line: Financial firms recognize the importance of IR plans, but there’s often a disconnect between planning, action and remediation. With regulatory obligations increasing, companies need IR plans that are stress-tested and ready to activate on demand.

This article is part of BizTech's EquITy blog series.

