Financial Services Data Breaches

Financial Services Data Breaches

December 11, 2018 Business Insurance and Risk Management, The Beacon Blog 0 Comments

According to a 12/5/18 post by cyber security consultant Halock (https://www.halock.com/the-current-state -of-financial-services-data-breaches/) financial services companies lost $16.8 billion to cybercriminals in 2017. While the typical American business gets attacked about 4 million times a year, the average financial services company is attacked over a BILLION times a year. The average cost of cybercrime has increased from $12.97 million per firm in 2014 to $18.28 million in 2017 – the highest of any industry. Average cost per record was $225 for all U. .S businesses in 2017, but $336 in the financial industry.

There are indirect costs of a data breach. According to a Ponemon Institute study of consumer sentiment, data breaches rank with poor customer service and environmental incidents as one of the top three factors affecting a company’s reputation. According to a 2016 study cited in ITSP Magazine, 28% of people left their banks and 12.3%their credit unions due to unauthorized activity on their accounts. The costs of customer turnover in the aftermath of a data breach can last up to 11 years.

Financial services firms attacked in 2017 and 2018, involving up to 50,000 customers per breach, included HSBC; Bank of Montreal; Canadian Imperial Bank of Commerce; National Bankshares; Scottrade; and technology services provider Fiserv, Inc.

IBM and Ponemon Institute estimate that 50% of cyber incidents are caused by malicious or criminal attacks; 27% by system glitches; and 23% by negligent employees. According to a 2016 report 75% of top U. S. banks are infected with malware, and 95% of them have a network security grade of C or below.

Threats to financial institutions come from criminal networks, proxy organizations and nations such as North Korea. Financial institutions  rely on highly interconnected networks which increases their vulnerability. High customers expectations of data protection result in higher consequences for failure. Small banks with limited resources and more emphasis on customer service are at additional risk.

To meet these threats financial institutions have increased cybersecurity spending by 67% since 2013.  Actions taken include undergoing risk assessments, hiring outside specialists to conduct penetration testing, and creating incident response plans. Although not mentioned in this post, Cyber insurance should be part of every financial institution’s plan for dealing with cyber threats.  

 




About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.