With data breaches causing an average loss of $4.2 million, financial services firms are laser-focused on cloud vulnerabilities, attacks against internet-of-things devices and other prevalent threats.
New research shows the sector increasing its security investments again this year, as it continues to fight on multiple fronts.
Research for the report, “Firms Face Financial Losses and Reputational Damage from Cloud Network Attacks and Data Breaches,” was underwritten by Infoblox and conducted by CyberRisk Alliance Business Intelligence.
The heavily regulated environment in which financial services firms operate adds a layer of complexity — and potential cost — to security. Local, national and international laws govern not only how firms protect data, but also the fines they may incur in the event of a breach.
The report is based on a survey of 814 senior-level IT executives in the financial services industry in October and November 2020. Nearly all respondents (94%) are significant or final decision-makers for cybersecurity budgets and operations at their organizations.
Attacks lead to reputation damage and system ‘paralysis’
In this industry, financial losses from a data breach can be severe, averaging approximately $4.2 million globally and $4.7 million in the U.S. — per incident. The average financial loss from a network outage is $3.2 million globally and $3.4 million in the U.S. For many organizations, however, monetary damage may be just the beginning.
For 45% of respondents, reputation damage and public relations crises would be the biggest fallout from a network outage. Operational disruption and loss of intellectual property or data follow close behind, with 43% citing each of these as the most significant impact.
One respondent reported, “We encountered a cyberattack, which led to the paralysis of the entire system.”
A disruption in business arising from a breach may be expected, but unscheduled network outages can be even more of a challenge — especially when they occur beyond the control of the affected organization. “In fact, cloud-based outages often are not the fault of the companies that suffer significant network outage costs,” the report notes.
For respondents, recent network outages have sparked a cascade of consequences that included the inability to process insurance claims, customer disruptions at branches, delays in bank card activation and, of course, reputational damage.
Cloud attacks strike roughly half of firms
Financial services firms are fighting multiple threats, as evidenced by the top five security threats that respondents anticipate in the next 12 months:
- Internet of Things attacks (22%)
- Cloud vulnerabilities and misconfigurations (19%)
- Attacks to manipulate data and statistics (17%)
- DNS and DDoS attacks (15%)
- Phishing (13%)
Phishing attempts are a constant source of concern. For organizations with an aging customer base that may be more vulnerable to these attacks, they are “a chief concern,” said one respondent.
Cloud networking attacks are also prevalent. More than half (54%) of respondents reported a data breach arising from such an attack, with cloud malware close behind, reported by 49% of respondents.
For many institutions, growing reliance on the cloud — and more complex, multi-cloud environments — has put a harsh spotlight on cloud security challenges. For approximately 40% of respondents, cloud-related issues and network outages are among the most difficult to manage.
“Cloud misconfiguration may be the security concern for us in the next 12 months,” said one respondent.
Financial services firms increase security spend in 2021
The need to stave off attacks and minimize losses drove the majority of firms (77%) to increase cybersecurity spending in 2020, and 82% plan to do so again. On average, the cost of preventing data breaches and network outages is approximately $4.8 million globally, with the highest cost in the U.S. at $5.3 million.
These investments reflect not only the complex environment in which firms operate, but also the increasing complexity of the threat landscape itself: exacerbated by ongoing remote work and the need to mitigate risky end-user behaviors.
Respondents’ risk management strategies overwhelmingly favor network monitoring, cited by 76% as the most effective mitigator of IT attacks or breaches in 2020. Other proven tactics included:
- Threat intelligence (64%)
- Threat hunting (57%)
- DevSecOps/SDLC (35%)
- Zero trust (16%)
“I believe that all financial services companies should invest heavily in data security, given the fact that this problem, in addition to causing financial losses, can damage the organization’s credibility,” said one respondent.
For more information on how you can partner with CRA Business Intelligence, please contact Dave Kaye, Chief Revenue Officer.