Cybercrime is expensive—particularly for financial services firms—and it isn’t getting any cheaper.
The picture painted by Accenture cybercrime study is troublesome. One of the biggest concerns for financial providers may be the potential loss in value resulting from a cyberattack.
„Globally, across all industries, Accenture study estimates $5.2 trillion in value lost over the next five years from expected cost savings and additional revenue because of cybercrime. Banks stand to lose $347 billion, insurers $305 billion and capital markets $47 billion.”, according to a press release.
The average annualized cost of cybercrime for financial services companies globally has increased to US$18.5 million — the highest of all industries included in the study and more than 40% higher than the average cost of US$13 million per firm across all industries, according to a report from Accenture and the Ponemon Institute. The analysis focuses on the direct costs of incidents and does not include the longer-term costs of remediation.
The report, „Unlocking the Value of Improved Cybersecurity Protection,” examines the costs that organizations incur when responding to cybercrime incidents and applies a costing methodology that allows year-over-year comparisons.
Malicious insider attacks are the most expensive type of attack for financial services firms to resolve, at US$243,000 per attack, and also take the longest time for the firms to resolve, at 55.1 days on average — significantly higher than the time to contend with ransomware (33.8 days) or web-based attacks (25.9 days).
“Even though cyber breach levels at financial services firms are close to or lower than the cross-industry average, the financial services industry continually has the highest cost of cybercrime,” said Chris Thompson, global security and resilience lead for financial services at Accenture Security. “More prudent technology investments at the right spending levels would actually reduce costs while improving banks’ and insurers’ overall cybersecurity resilience. These cost savings are crucial for financial services executives trying to decide how much to spend on security versus other key areas, such as their overall digital transformation.”
Financial Services Firms Should Reconsider Security Investments
The report notes that only one-third (34%) of firms are deploying automation, artificial intelligence (AI) and machine learning to help combat cyber threats. This is especially discouraging, because the study found that, when fully deployed, these technologies deliver the largest cost savings for an organization’s security efforts.
Similarly, only 24% of firms are making extensive use of cyber analytics and user behavior analytics, despite similarly high cost savings for these technologies. This suggests financial services firms are struggling to keep up with the rapid pace of new technologies and, as a result, it’s difficult for them to make investments that increase their operational efficiency.
According to the report, financial services firms are not prioritizing security investments that can actually help reduce the cost of cybercrime. Investments in security intelligence and threat sharing technologies, for example, have an estimated annual return on investment of 22.5%, second only to advanced identity and access management.
Yet, when examining the rank of security technologies by percentage spending, security intelligence and threat sharing is in the bottom three among financial services firms. A similar value gap exists for automation, AI and machine learning, as well as cyber analytics.
The study, conducted by the Ponemon Institute on behalf of Accenture, analyzes a variety of costs associated with cyberattacks to IT infrastructure, economic cyber espionage, business disruption, ex-filtration of intellectual property and revenue losses. Data was collected from 2,647 interviews conducted over a seven-month period from a benchmark sample of 355 organizations in 11 countries.
The financial services industry data was collected from 537 interviews from a benchmark sample of 72 financial services companies in Australia, Brazil, Canada, France, Germany, Italy, Japan, Singapore, Spain, the U.K. and the U.S.
The study represents the annualized cost of all cybercrime events and exploits experienced over a one-year period from January 1, 2018 to December 31, 2018. These include costs to detect, recover, investigate and manage the incident response; costs that result in after-the-fact activities; and costs related to efforts to contain additional expenses from business disruption and the loss of customers.
„O singură provizie am făcut, de card, pentru că nu mai umblu cu banii în buzunar. Banii sunt cei mai periculoși când este vorba de răspândirea unei molimi. Am renunțat la cash. În rest, este o prostie să faci provizii. Dacă vine o molimă și nici nu știi când va ajunge, dacă ar fi să se întindă, pe cât timp să poți să faci provizii? Faci provizii pe trei săptămâni, pe patru săptămâni și mai departe?”, a spus consultantul.