NCJRS Virtual Library

Cyber Threat Landscape Faced by Financial and Insurance Industry

NCJ Number
Kim-Kwang Raymond Choo
Date Published
February 2011
6 pages
Based on data from a 2008 nationwide survey of Australia's financial and insurance businesses, this report presents information on the computer-related ("cyber") threats experienced and perceived by respondents, how they deal with these threats, and whether or not the cyber threats faced by insurance and financial industries differ from those of other businesses.
Malware (malicious software), including spyware, was the type of computer security incident experienced by the highest proportion of each industry sector. This type of cyber threat is particularly common in the financial services industries. Another cyber threat mentioned frequently by respondents is "phishing," which consists of online scams that often use unsolicited messages purporting to originate from legitimate organizations, particularly financial and insurance services, in order to deceive victims into revealing their financial and/or personal identity information (PII) for the purpose of committing other crimes (fraud, identity theft, and the theft of sensitive information). A third cyber threat mentioned frequently by respondents was the theft or loss of proprietary or confidential information or hardware. A fourth cyber threat reported by a significant number of respondents was insider abuse of access to a business's computer network in order to conduct malicious activities. Countermeasures against these cyber threats are categorized as technical measures and awareness and education/training. Regarding technical measures, although no single technology can completely counter cyber security risks, a significant proportion of existing cyber security vulnerabilities can be minimized with good security practices. The Defense Signals Directorate (DSD) has recommended "patching" of the operating system, applications, and third-party applications; minimizing administrative privileges; and using application "whitelisting" to help prevent unapproved applications from running. Ongoing education and training of employees about new cyber threats and how to counter them are also important. 3 tables and 26 references