The Cost Of A Cybersecurity Breach For Financial Institutions

By Paige Schaffer

The number of data breaches has increased exponentially over the past few years, culminating in a record 1,579 breaches in the U.S. alone during 2017.

While these breaches are an ever-increasing threat to any business, the financial sector has been disproportionately affected. Last year, 8.5 percent of data breaches involved financial sector companies such as banks, credit unions, credit card companies, mortgage and loan brokers, investment firms, trusts, and pension funds.

This is primarily due to the value of the types of information that these institutions need to secure – and the numbers bear it out: 

Financial services firms fall victim to cybersecurity attacks 300 times more frequently than businesses in other industries.

To make matters worse, the costs for financial institutions to repair these incidents are often far greater, which is problematic as the average data breach cost rose 5 percent to $7 million per breach in 2017. The average cost to U.S. businesses per record, lost or stolen, during a breach was $225 – compare that to the financial industry’s number of $336 per record and you can clearly see the issue.

This highlights the clear need for financial services professionals to be cognizant of the prevalence of, and reasons behind, successful cyber-attacks – not to mention remaining diligent about educating themselves on the latest risk mitigation strategies. Even so, breaches in the current climate are, unfortunately, a way of life – but by offering identity protection solutions that include resolution services to their clients before a breach ever happens, financial institutions can alleviate some of the customer backlash that inevitably comes with a breach.

In fact, a 2016 survey showed that because of unauthorized activity on their accounts, 12.3 percent of people left their credit unions and 28 percent left their banks. However, by being proactive through identity protection and resolution services, financial institutions can be better prepared to manage post-breach fallout and quickly pivot to customer retention outreach if they do fall victim. 

Moreover, according to our own research studies, consumers at this point actually expect their financial service providers to offer services that reduce the chance for exposure and, as importantly, quickly rectify the situation if their data does become compromised. Of the consumers we surveyed, 50 percent said they want their bank to offer these services and 43 percent felt the same about credit unions.   

Fortunately, raising awareness and recognition of potential cybersecurity risks among financial institutions has proven largely successful, and cybersecurity and data breaches are now among the chief concerns for financial institutions. The industry is well beyond the days when organizations were completely blindsided by hacking events.

In fact, just hearing about cybersecurity incidents affecting other organizations has encouraged financial companies to invest more in their own cybersecurity practices. However, with the threat landscape constantly evolving in this industry, financial institutions can never be too prepared to address new emerging cyber risks.

As with any overarching concern affecting an entire industry, there are some best practices that financial institutions should implement to remain proactive about cybersecurity threats and data breaches. While there is no one-size-fits-all approach, many measures are transferable and customizable for individual companies, such as:

• Being Prepared for an Attack
• Mitigating the Fall-Out of Potential Breaches
• Proper Employee Education
• A Commitment to Cybersecurity
• Implementing New Tools and Strategies

The unfortunate reality is that hackers have found myriad ways to infiltrate your organization’s network, whether through spearphishing, DDoS attacks that “mask” the real activity of the hacker(s), or even subversively utilizing your own employees to help them gain access to company systems.

The goals of these hackers may differ, but whether it’s ruining a company’s good name, causing a political stir or simply extorting money, one thing is certain – the methods that cybercriminals employ are constantly evolving into newer, unforeseen dangers.

To fight back, financial institutions must be prepared to adapt and redirect at every turn, facing both new threats and proven methods alike. It is also critical that these companies take steps to preventatively prepare for the seemingly inevitable successful cyberattack by having a data breach response plan in place and offering identity theft protection resources to demonstrate their commitment to protecting customers’ data.

About Paige Schaffer

As President & COO of the Identity and Digital Protection Services Global Unit for Generali Global Assistance, Ms. Schaffer leads sales & marketing strategy and revenue growth initiatives, managing operations as well as global expansion.
