Cybersecurity in financial services. Stats tell the story3 min read

Statistics are a useful means of building up a detailed picture of the threat landscape facing industries and the companies that comprise them. Take a look at this range to gain an idea of the state of play in cybersecurity in the area of financial services. For more information and detail, take a look at Security Boulevard.

1. Financial services firms more likely to be attacked

According to a report from Boston Consulting, “Financial services firms are 300 times as likely as other companies to be targeted by a cyberattack. Dealing with those attacks and their aftermath carries a higher cost for banks and wealth managers than for any other sector.”

2. The scale of the problem

A 2017 survey of banks conducted by Ovum found that an estimated 40% of banks get 160,000 duplicate, irrelevant, or erroneous cybersecurity alerts every day.

3. Cybercrime costs financial services $18.5 million per company annually

According to a survey by Accenture, the average cost of cybercrime per company in financial services was $18.5 million (€16.8 million). That was higher than any other vertical market (utilities ranked second at $17.84 million (€16.2 million)) and considerably higher than the same average across all sectors which came in at $13 million (€11.8 million).

4. Most cyber attacks use just four methods

Akamai’s annual security report found that “94% of observed attacks against the financial services sector came from one of four methods: SQL Injection (SQLi), Local File Inclusion (LFI), Cross-Site Scripting (XSS), and OGNL Java Injection.”

5. Most financial firms have recently experienced a security incident

A survey by Vanson Bourne on behalf of Clearswift of 100 senior business decision-makers employed by UK financial services organisations found that 70% have experienced a security incident in the last 12 months. Most of these stemmed “from employees failing to follow security protocol or data protection policies.”

6. Volume of breaches still growing

According to the Cost of Cybercrime Study in Financial Services: 2019 Report by Accenture, the average number of breaches grew by 13% to 152 in 2018 from 134 in 2017.

7. Malicious insiders responsible for the most expensive attacks

The same Accenture report found that malicious insiders were the most expensive category of attack to resolve. This type costs an average of $243,101 (€220,781), representing a 44% increase over the previous year. Rounding out the top five were malicious code ($157,891 (€143,395)); phishing and social engineering ($156,690 (€141,759)); denial of service ($133,949 (€121,651)); and web-based attacks ($84,954 (€77,154).

8. Average financial services security budget

According to Deloitte, financial institutions spend an average of 0.3% of revenue and 10% of their IT budget on cybersecurity. This is equivalent to about $2,300 (€2,088) per employee, across the 96 financial firms that took part in the Deloitte study.

9. What banks will invest in

By 2023, the banking community will invest more in security solutions than any other industry, according to a spending forecast by research firm IDC. When combined with the other top spenders – manufacturing and federal governments – they “will account for nearly 30% of all security spending worldwide.” IDC puts that number at an estimated $151.2 billion (€137.3 billion) by 2023.

10. Good at detecting. Less good at preventing

A survey of 400 security professionals across financial services by the Ponemon Institute found the financial services industry is more “effective in detecting (56%) and containing (53%) cyberattacks than in preventing attacks (31%).” The same survey found while most of the sector is concern about supply chain risks, less than half of them have taken steps to mitigate the risk.

For more on this data, visit Security Boulevard via the link.