Bolster your digital defences

Cyber criminals have the financial services sector firmly in their sights, but there is much that organisations and employees can do to protect themselves from the threat

Cyber crime is on the rise, and the financial services sector is particularly vulnerable to attack. The sector's position at the heart of the world's economies makes it an attractive target for cyber criminals, with hackers often able to exploit weaknesses in the growing number of digital connections between financial firms and their clients and customers.

A recent report by the Center for Strategic and International Studies and McAfee estimated that the likely annual cost to the global economy of cyber crime is more than $400bn.

Financial services firms are often the victims, according to the PricewaterhouseCoopers (PwC) 2014 Global Economic Crime Survey, with 39% of financial sector respondents saying they had been victims of cyber crime, compared with only 17% in other industries.

Many firms are increasing their spending on cyber security to protect their systems and data. J.P. Morgan's Chief Executive, Jamie Dimon, recently pledged to double cyber security spending over the next five years after the bank admitted in October that the records of 83 million customers had been compromised - one of the biggest breaches in banking history.

Further evidence of rising demand for IT protection is the number of cyber security firms changing hands for large fees. Raytheon, which specialises in defence and national security, has just acquired IT security solutions provider Blackbird Technologies for roughly $420m. Last January, cyber security company FireEye acquired Mandiant, a firm known for responses to network breaches, in a deal worth more than $1bn.

Financial firms everywhere need to ensure they have sufficient measures in place to prevent cyber attacks, whether they come from sophisticated criminal organisations looking to steal data, rogue states intent on disrupting services or activist groups wanting to simply cause havoc. Here are ten tips for improving your cyber security:

1. Create a reporting culture

"Financial services organisations need to recognise cyber crime as a risk type and establish proper cyber crime reporting." So says Andrew Clark, Partner in PwC's forensics practice.

"In our experience, financial services organisations do not always identify and log the cyber element of economic crime," says Clark. "This leaves them exposed to cyber threats in spite of any existing cyber defence. If cyber crime is not being accurately tracked, the true risk of it cannot be fully grasped and understood."

Tackling terror
In August, the Joint Terrorism Analysis Centre raised the UK's terror threat level from 'substantial' to 'severe' in response to conflicts in Iraq and Syria.

The current level means a terrorist attack is highly likely, although there is no intelligence to suggest an attack is imminent.

The move is not directly related to a specific cyber crime threat, but both the Cabinet Office and MI5 urge organisations to remain alert and report any cyber activity they suspect could be linked to terrorist activity, such as transactions that could relate to the funding of terrorist groups.

2. Everyone needs a good education

Educate employees on good data security. This should include teaching colleagues how to keep company-issued devices, such as smartphones and laptops, secure.

According to Symantec's Norton Report, 38% of mobile users experienced mobile cyber crime in 2013, with 24% of users storing work and personal information in the same accounts and 21% sharing logins and passwords with family.

Employees also need to exercise caution when opening emails. Symantec's report found that out of 156 million phishing emails sent every day, eight million are opened, 800,000 links are clicked and 80,000 people have their information stolen.

3. Multiply authentication

Protecting your organisation's data has never been tougher, according to Raj Samani, Vice President and Chief Technical Officer (CTO), EMEA at McAfee. "You now have people using company phones, USB sticks, laptops and tablets, and working from home or accessing Wi-Fi in hotels," he notes.

Security is often further weakened by poor password protection, adds Samani. "One in four employees write passwords on Post-it notes, and the most popular password is '123456'."

Firms, therefore, should consider introducing multi-factor authentication by adding security measures such as smart cards and fingerprint recognition to complement passwords and provide extra layers of protection.

4. Secure your supply lines

Any assessment of cyber security should include suppliers or contractors, emphasises McAfee's Samani.

Last December, discount retailer Target admitted its records had been hacked, and that as many as 110 million customers had personal data stolen.

"With Target, the data breach was a supply chain issue, with the breach originating from a heating and ventilation supplier it was using," notes Samani.

5. Cloud control

If you use cloud-computing providers to store sensitive data, make sure their cyber security is as good as they claim it is.

McAfee's Samani, who is also Chief Innovation Officer of the Cloud Security Alliance, says: "Many cloud-computing providers obtain security certification and undergo third-party audits, so do your homework: look at the security measures they not only say they have, but certify and audit against."

Cyber crime in numbers

$400bn
The likely annual cost to the global economy of cyber crime

156 million
The number of phishing emails sent every day

117,000
The number of security incidents detected per day worldwide in 2014

38%
The percentage of mobile users that experienced mobile cyber crime in 2013

2
The number of FTSE 100 companies that have a Chief Technology Officer on their main board

6. Keep tabs on privileged users

Firms need to keep a close eye on who exactly has access to their data. PwC's Global State of Information Security Survey reported more than 117,000 detected security incidents per day worldwide in 2014, nearly double that of the previous year - with employees the most-cited culprits.

Companies should keep up-to-date lists of privileged users, such as those with access to information including HR, finance and customer details, and monitor their activity.

7. Get on board

More firms need to welcome security experts into the boardroom. Neil Woodford, one of Britain's best-known fund managers, recently commented: "My gut feeling is that most boards haven't got to grips with cyber security."

Only two FTSE 100 companies have a CTO on their main board, according to business intelligence service BoardEx. The Institute of Chartered Accountants in England and Wales (ICAEW) believes a CTO can bridge the gap between IT and the board.

Headhunters who appoint non-executive directors, meanwhile, say they are increasingly targeting digital experts to improve board-level skills.

8. You get what you pay for

Capable cyber security professionals can prove hard to find. The best candidates often end up being lured by security or other technology companies, so attracting the right people might mean offering higher salaries than originally planned.

No firm should rely on just IT professionals, though - cyber security should be the responsibility of everyone in the organisation.

9. Share the knowledge

Firms can help each other by sharing intelligence on cyber threats, whether by notifying their local police force or the National Fraud & Cyber Crime Reporting Centre, or by sharing intelligence through industry bodies.

In September, Europol's European Cybercrime Centre announced plans to work with the European Banking Federation to "intensify co-operation between law enforcement and the financial sector".

That same month, the British Bankers' Association revealed that 12 government and law enforcement agencies are to start using a "pioneering financial crime alert system" in early 2015 to warn banks of the latest threats.

10. Run for cover

Organisations need sufficient insurance cover in case the worst happens.

The cost of breaches has risen in the past three years. The Department for Business, Innovation and Skills' Information Security Breaches Survey 2014 showed that for smaller organisations, the worst breaches cost between £65,000 and £115,000 and for large organisations, between £600,000 and £1.15m.

Colin Tankard, Managing Director of data security specialists Digital Pathways, says: "If we consider the recent attack on Target in the US, the estimated cost to the business is around $3bn - enough to bring down the biggest organisations."
Published: 19 Nov 2014