Managing IT Risk in Financial Services: Why Visibility Matters in Times of Crisis

8.12.2020 | Chris Hodson

At the start of the year financial services (FSI) IT leaders had plenty to keep them busy. With post-financial crisis regulatory frameworks finally settling in, the talk was of organizations looking to embrace digital disruption to position themselves best for success. Then everything changed as the global economy plunged into another crisis.

No-one knows how this one will turn out. But it’s already put IT leaders under very different pressures as new priorities stretch their teams to the limit, and expose critical gaps in endpoint visibility. A new Tanium study reveals the scale and impact of these IT blind spots on global FSI firms.


The industry has spent most of the past decade adapting to the new regulatory demands placed upon it following the 2008 economic crisis. But over this time complexity has grown, thanks to investments in virtual machines, cloud infrastructure, containers and other digital infrastructure. This complexity becomes a risk if not properly managed, especially at times of crisis when critical infrastructure is severely tested.

The study found that over half (52 percent) of FSI firms identify endpoints within the organization’s IT environment that they were previously unaware of. And only 27 percent claim to be totally in control of gaining instantaneous visibility of all the computing devices on the network.

This lack of visibility is concerning at any time, but especially one where the corporate attack surface has expanded exponentially thanks to the new distributed workforce. Meanwhile, opportunistic hackers are scaling up attacks designed to take advantage of stretched security teams and unprotected endpoints.

What’s causing these gaps? FSI IT leaders pointed to IT operations and security siloes (37 percent), legacy systems providing inaccurate info (36 percent), tool sprawl (30 percent), shadow IT (28 percent) and a lack of resources (28 percent). Tool sprawl in particular is a major concern: on average, FSI firms use 49 discrete IT security and operational tools in their organization today.

What to do

The study found financial firms spend more on data protection compliance than almost any other industry save for oil and gas: $104 million each on average, plus an extra $306 million each on related liability insurance. Yet visibility gaps persist, crucially undermining such efforts. Without comprehensive insight into their endpoint estate, IT leaders will find out about vulnerabilities, like the zero-day bugs found in Zoom, the wrong way — through compromised endpoints.

FSI firms need to consolidate their multiple point tools onto a unified endpoint management and security platform: one that offers a single version of the truth in real time for siloed IT and security teams to unite around. It will not only help to support compliance efforts and continually mitigate cyber risk, but also provides the insight IT leaders need to identify potential performance issues in their legacy and hybrid cloud estates.

Securing home workers is one thing, but as history shows, CIOs and CISOs must expect the unexpected. To ensure they’re not caught in perpetual fire-fighting mode, the key is visibility and control across endpoint assets.

Read the full results of the global survey Visibility Gaps in the Financial Sector for further findings.

Interested in seeing Tanium in action? Schedule a one-to-one demo or talk to our Tanium experts at our upcoming events.