The cost of cyber-attacks for banks and insurance companies in 2017 exceeded $18 million, an increase of 40% compared to 2014. The Cost of Cyber Crime survey, by Accenture Security and Ponemon Institute, analyses the costs incurred by companies in dealing with cyber-attacks, highlighting year-on-year changes. The analysis showed that the average international cost of cybercrime in the financial sector has increased by more than 40% over the past three years, from $12.97 million per company in 2014 to $18.28 million last year, and is well above the $11.7 million average for all industrial sectors. The analysis focuses on the direct costs of cyber-attacks (thus excluding the costs incurred to implement corrective measures).
In the financial services sector, the number of cyber-attacks has tripled in 5 years. Although companies in the sector are orienting their investments towards new technologies in a more balanced way than companies in other sectors, what has been done so far is clearly not enough to stem the impact of cybercrime.
Banks and insurance companies are directing their investments towards security technologies to support the reduction of costs due to violations, such as security intelligence systems, automation technologies, coordination and machine learning.
“Although cyber-attacks are increasingly expensive, our research shows that banks and insurance companies are spending in a more balanced way than companies in other industries, investing in the most innovative security technologies to face increasingly sophisticated cyber threats”, says Andrea Agosti, Accenture Security's Financial Services Lead. “This applies in particular to automation, artificial intelligence and machine learning technologies, key factors in the future cyber security arena”.
Some of the key findings for the financial services sector include:
* In the last five years, the average number of violations against each financial company increased more than threefold, from 40 violations per company in 2012 to 125 in 2017, slightly lower than the average of 130 violations for companies across all industries.
* Almost two-thirds (60%) of the total security costs in this area are spent on identifying, responding to and minimising violations.
* The greatest impact of cyber-attacks on financial companies is focused on business interruption and data loss, which together account for 87% of the direct costs of cybercrime.
The research suggests, however, that financial firms are not yet exploiting the full potential offered by new security technologies: only one in four (26%) actually uses AI-based technologies and less than one third (31%) uses advanced analytics-based technologies.
However, the financial services sector seems to be less affected by the most common cyber-attacks than other sectors. In 2017, a series of malware attacks, including the WannaCry and Petya attacks, caused several hundred million dollars in losses to global companies, but these attacks proved to be among the lowest-impact attacks for financial companies. For banks and insurance companies, the largest losses were recorded for cyber-attacks such as denial of service, malicious insiders, phishing and other social engineering methods.
“Financial companies are adopting innovative solutions to fight malware and be less exposed to attacks from a cybercrime that's quite different from the one affecting other industries”, Agosti added. “However, the market does not currently offer a sufficient number of professionals to tackle cybercrime and companies often struggle to find the necessary skills. To face this new threat, in addition to identifying the bad actors within the organization, it is necessary to find the best match between the use of technology and human intervention”.