Insider threat response and recovery strategies in financial services firms

Abstract

Insiders have become some of the most widely cited culprits of cybercrime. Over the past decade, the scale of attacks carried out by insiders has steadily increased. Financial services firms, in particular, have been frequent targets of insider at-tacks. While insider-threat awareness levels have grown over the years, threat management strategies remain to be better understood. This article analyses how financial services institutions address insider threat, and how they respond to, and recover from insider-threat incidents. It is argued that response and recovery strategies of financial services organisations are still nascent. Combining industry reports, academic literature, and semi-structured interviews with senior financial services security professionals, the research offers a practice-oriented perspective on insider-threat response and recovery strategies, and identifies best practices.