There is a gap between financial firms understanding what impact cyber-attacks would have on their firms and making the necessary investments to prevent them, concludes twin surveys conducted by Backstop Solutions Group and BAE Systems.

The top three risks that BAE respondents cited if a cyber-attack was successful were the damage to their firms’ reputations (85%), exposure to legal liability (74%), and the firm facing potential financial damage (70%).

It should come as no surprise that 77% of people questioned for the Backstop survey listed cybersecurity as at least an “important” priority while 34% of them cited it as a top priority. Only 4% of the respondents indicated that cybersecurity was not a priority for their firms.

“I’m sure a lot of that is due to the widely publicized breaches that have been happening across industries,” said Michael Neuman, head of information security at Backstop. “Cybersecurity is becoming more and more of a buzzword. But with the actual threats out there, it’s becoming a growing priority for firms.”

The most popular tools that businesses deploy to thwart malware infestations are firewalls (97%), anti-virus software (95%), and/or cyber-intrusion detection systems (75%), according to BAE. The vast majority, 84%, also use some form of encryption to protect their data.

However, when it comes to employee training, less than 40% receive quarterly or bi-annual cybersecurity training, and 40% of U.S. executives are unsure which cyber-security measures they have in place.

This might be because of a dearth of expertise in this comparatively nascent industry, noted Neuman. “There is not a huge number of information security professionals out there,” he said. “They are a fairly rare commodity.”

And adding to the ever increasing complexity of cyber-security environment is the “Internet of things,” which likely has the highest growth potential for potential risk, according to Neuman. “With the number of connected devices, it’s almost happening as a stealth item.”

“Overall the industry should be optimistic,” said Colin McKinty, vice president of cyber security strategy, Americas, at BAE Systems. “Our survey shows that there is still work to be done but the fact we are talking about it as an important topic means we ultimately will succeed in putting into place the defenses organizations require to protect their critical assets.”

Featured image via iStock