The current state of cybersecurity in the financial sector is bleak. Cyberattacks are on the rise and so are the costs associated with breaches. As an industry, finance has been historically slow to move away from legacy technologies. Now there’s a greater need to digitally transform their processes and their cybersecurity strategy along with them. The statistics below don’t bode well for the sector, but each can be addressed in a modern way that strengthens cybersecurity and modernizes their practices.
Financial Services Have More Expensive Costs
Financial services is only second to healthcare when it comes to the cost of a cyberattack. The average price for a breach in the sector in 2021 came in at $5.72 million. Although that’s slightly better than the average in 2020, it still outpaces the global average across all industries. Some factors attributing to the high costs of data breaches include the sluggish approach to adopt new technologies in cybersecurity in the financial sector and the regulatory demands of the industry after a breach.
To combat and lower breach costs, financial institutions can incorporate AI and security automation into their security landscape. On average, organizations that have high levels of security automation save almost $4 million per breach compared to those that don’t. Even those low levels of AI and security automation saved in the long term.
AI and security automation lowers breach costs by more quickly identifying and containing breaches. The length of a breach lifecycle affects the costs associated with it. By shortening breach lifecycles to under 200 days, institutions see an average savings of $1.26 million.
Customer PII Per Record Breach Costs Are Up
One reason the financial sector sees such high breach costs is because of the types of data typically targeted in financial sector attacks. Most cyberattacks targeting banks and the finance industry as a whole involve targeting institutions in order to criminally obtain bank card details and account credentials. With an average breach cost of $180 per record, a single breach could have damaging effects on a business.
Securing stored customer records and PII beyond the minimum requirements established in compliance regulations better protects them against theft. Using microsegmentation is one such way this is done. Microsegmentation creates zones within data centers. This way data groups are stored independently of each other. Then if one zone falls victim to a breach, the other disconnected segments remain safe from the breach, limiting the attack surface.
Microsegmentation also helps protect customer PPI by limiting access to customer data to a single entry point, rather than having access from anywhere in the data center.
High Regulation Means Longer Costs
Because of the global reliance on the banking system and the amount of data it contains as well as the funds it handles, the financial sector is one of the most regulated industries in the economy. These regulations protect financial, economic and customer interests, but also lead to costlier breaches for businesses in the sector. Highly regulated industries, including the financial sector, continue to pay for breaches for over two years after the event.
Some of these longtail costs can be easily avoided by performing more frequent compliance audits. Breach costs experienced two years after the event occur often deal with regulatory fines and penalties and lawsuits alleging inadequate security practices. Biannual compliance audits are commonplace, but highly regulated industries like finance may consider performing more frequent audits to find and reconcile compliance inconsistencies.
This is especially important for businesses that raced to the cloud in 2020 in order to support remote work. The hasten digital transformation in 2020 was welcomed by consumers, but continued regulation compliance is necessary for organizations hoping to avoid prolonged breach costs.
Financial Firms More Likely To Be Targets
Most cyberattacks are financially motivated and for those hackers, the financial sector is low hanging fruit. Aside from those, nation-state threat actors looking to dismantle institutions and wreak havoc on governing bodies and systems have become more common. With a global economic reliance on financial services, organizations in this sector have become an even bigger target. This results in the staggering statistic that financial firms are 300X more likely to be the victim of a cyberattack than other companies.
Financial institutions looking to level the playing field can do so by beefing up their cybersecurity preparation and response by performing cyberattack rehearsals. Running real-life and theoretical cyberattack scenarios help banks and other financial institutions prepare and gauge their readiness for an attack. More than that, these cyberattack rehearsals also provide insights into areas where security and response can be improved.
There’s no way to tell how wide reaching or detrimental an actual attack will be but running ongoing rehearsals help financial institutions constantly assess and update their readiness plans. Guidelines for such rehearsals are included in many jurisdictions’ cybersecurity regulations for the financial sector.
Attacks In Finance More Than Tripled in 2020
While 2020 saw an uptick in cyberattacks overall, the frequency of attack in the financial sector alone rose 238%. Different factors played a role in this spike: an increased use of cashless systems in response to the pandemic, a greater and quicker adoption of cloud processes, and an increase in attacks by nation state actors to disrupt systems.
As attacks become more frequent, financial institutions can lower their chance of attack by minimizing their third-party risks. This is done by unifying the security strategy of all parts of the supply chain. The banking and finance industry relies heavily on third-parties, both private and public, to operate. Each of these entities presents an entry point for a breach by attackers. Unifying the security and holding each vendor and service provider in the supply chain to the same security standards help secure them against attack. Breach vulnerabilities are lessened when every player in the chain from oversight agency to transaction processor is equally protected.
Lost Business From a Breach is Damaging
Lost business and a drop in customers is never good for any business but is particularly troubling for organizations in the financial sector. Loss in customer or confidence at one institution resulting in a mass withdrawal of assets would result in a ripple effect that could destabilize the economy. In a cyber attack alone, lost business contributes to 38% of the cost of a breach.
Going above and beyond to protect customer account information is critical to retain the confidence of consumers. One way to add further protections to consumer data is through implementing required use of multi-factor authentication from the end user in order to access accounts. Though this may seem inconvenient to customers, their data will be safer for it. Stolen credentials would be of little use and value to hackers if using them required validation from a secondary source of the account holder.
Fixing Cybersecurity in the Financial Sector
Along with health services, cybersecurity in the financial sector should be one of top priority for decision makers in the field. The rate of cyber attacks only stands to increase and these attacks are only getting more complex and detrimental. In order to protect themselves against the growing threat and costs associated with these attacks, banks and other financial institutions must implement the latest cybersecurity measures and regularly audit and assess their efficacy. Although they’ll be a constant target of such attacks, institutions can lower the effects and associated costs when they do happen.
Harness Data & Analytics With Teramind
Empowering your team to be more focused, decisive and productive is no easy task. Managers and team leads need clear metrics to manage their teams efficiently, but all of the data can be overwhelming. Teramind fills the missing gap in existing employee monitoring solutions by translating raw tracking data into meaningful metrics that can help you make data-driven decisions.
But don’t just take our word for it…