Lloyd's of London is at an "advanced point" in its investigation after detecting unusual network activity and cutting external connections earlier this week. The organizations reset its network and systems Wednesday after identifying unusual network activity.
"We isolated a number of external-facing systems as a precautionary measure and will reconnect them when we are confident they are fully secure," a spokesperson told Cybersecurity Dive. "We will provide a more detailed update in due course.”
The organization said a dedicated team, alongside two specialist partners, are conducting the investigation.
Lloyd's has remained tight-lipped on the details of its network incident — including the root cause or the nature of the incident — but it has moved quickly to isolate systems.
Its response is textbook in terms of how financial services organizations approach risk mitigation and management, according to Chester Wisniewski, principal research scientist at Sophos.
Lloyd's initial response is indicative of a "pretty mature security program," Wisniewski said.
"Companies that aren't prepared, don't know what's happening until it's already happened and generally are in reaction mode," he said.
By releasing a statement that said it has detected unusual activity and is investigating is a "positive sign" that Lloyd's is actively, if not proactively, monitoring its network exceptionally carefully, according to Wisniewski.
The response speaks to the risk-adverse nature of financial services organizations and its continued heavy investment in technology. Alongside IT services, financial services is one of the top sectors expected to increase IT budgets next year, Spiceworks Ziff Davis research shows.
Security, too, is taking on a larger portion of IT spending overall, creeping into software, hardware and cloud budgets.