
BitSight Research Highlights Financial Services Security Ratings in the UK

Alex Campanelli | July 13, 2018

Over the last several years, cybersecurity regulations (like NYDFS and GDPR) have placed pressure on the financial services industry to build and enforce some of the strongest risk management programs across any industry. These programs focus not only on internal security performance, but also on managing third party risk. Financial service organizations are both highly regulated and handle extremely sensitive personally identifiable information (PII), and as a result typically have higher security budgets when compared to other industries.

Financial services companies also tend to perform towards the higher end of the scale from a cybersecurity perspective. Leveraging data from BitSight Sovereign Security Ratings, which look at security performance at a national and industry level, we examined the security performance of the finance sector in the United Kingdom. Our researchers analyzed UK Financial Services security performance for the month of May 2018 to determine whether the security posture of this industry falls where expected.

Figure 1

BitSight’s research shows that the average security rating for the United Kingdom — when compared to the average security rating for other European countries — is highest in Insurance, Credit Unions, and Real Estate, with Finance coming in 4th place. This is positive, given that each of these industries deals with very sensitive client information that could be extremely harmful if compromised.

This image also shows that some of the overall lowest average security ratings in the UK are in Retail, which is concerning given that retail companies work with many third parties who handle customer data. There have been several very public retail breaches in the last few years. Working with third parties has a big impact on retailers’ bottom line, so they should be proactively working to improve the cybersecurity of their supply chains.


Figure 2

The average security rating for the Financial Services industry itself in the UK is highest among credit unions (just below 800), and lowest among financial institutions (just below 750).

Figure 3

When examining the security posture of the UK’s financial sector, it helps to compare its security performance with that of other major European financial powers for context. This image illustrates the average security ratings among these countries broken down by industry. Germany has the highest security rating among credit unions, and France possesses the lowest security ratings among financial institutions.

As shown above, the UK’s financial institutions are undoubtedly a clear leader in terms of security performance. UK financial firms tend to have sophisticated risk management programs, which is reflected well in their high level of security performance.

Despite this fact, the challenge remains in closing the security performance gap between financial institutions and their third parties, who pose a significant risk to their security posture. GDPR, which is now in effect, mandates that all organizations that collect personal data must have rigorous due diligence processes to ensure the appropriate technical and organizational controls are in place before sharing data with third parties. These organizations should establish a process for regularly testing their third parties.

As the threat landscape becomes more complex and risk of breach increases, it’s more critical than ever for organizations to be aware of their own security posture as well as the vulnerabilities in their supply chain. In a recent BitSight Insights report, The Buck Stops Where: Assessing the Cyber Performance of the Finance Supply Chain, we showcase more of BitSight’s research surrounding the Finance industry and their supply chain as well as proactive recommendations for organizations to strengthen the security of their networks.

Learn more about the benefits of security ratings for financial services.
