Cyberattacks against financial services firms increased by over 70 percent in 2017, which reflects that the financial services sector is currently vulnerable to such attacks, states a recent report from Market Expertz. In the previous year, cyberattacks against the sector had increased by 60 percent.
The global cybersecurity in financial services market is expected to expand at an annual growth rate of 9.81 percent, leading to a global revenue of $42.66 billion by 2023, the report estimates.
Still, a Deloitte survey of 51 CISOs at U.S. financial services institutions in May suggests financial institutions aren’t spending enough to adequately defend against attacks.
The survey encourages more innovation among financial services institutions, recommending that spending on transformational initiatives could go further than merely operational initiatives. Overall, large companies dedicated less than one-third of their cybersecurity budgets to transformational initiatives, compared to one-quarter dedicated by midsize and smaller companies, according to Deloitte.
Small companies also lagged in the percentage of revenue dedicated to cyber-risk management, the study states.
According to the survey: “One-half of the large FSI companies reported that cyber risk management spending was $20 million or less. Even if one were to assume these companies invested the most and earned the least revenue within the respective ranges for those categories, this means that one-half are spending one percent or less of revenue on this area. Given the potential operational disruption, reputational damage, investigation and customer costs, and remediation expenses that could emerge from a single successful breach, this may not be enough.”
Financial Sector Firms Face More Cyberattacks, Higher Costs
In the United States in 2017, the financial sector suffered the most data breaches of all sectors, with 8.5 percent of the attacks targeting banks, brokers, investment firms and other financial companies, according to ITPS Magazine. “Financial services firms fall victim to cybersecurity attacks 300 times more frequently than businesses in other industries,” the article states.
A recent report in Forbes estimated the cost of cyberattacks was $18 million per firm in the financial sector, versus $12 million for firms in other sectors.
According to Forbes: “Costs of cybercrime also include regulatory fines, litigation, additional cybersecurity following the breach, the need to respond to negative media coverage, identity theft protection and credit monitoring services to customers affected by breach and lost business due to reputational damage. According to Ponemon Institute’s consumer sentiment study, data breaches are in the top three of incidents that affect reputation, along with poor customer service and environmental incidents.”
A Range of Cyberthreats Confront Financial Services Firms
In June, Mindsight projected the top seven threats to financial services:
- Web application attacks
- Distributed denial of service attacks
- Backdoors and supply chain attacks
- Third-, fourth- and fifth-party vendors
- Global operational risks
- Emerging technologies
- Insider threats
In February, the Ponemon Institute reported that denial of service attacks and phishing or social engineering were the two most expensive attacks for financial services firms to confront.
MarketExpertz highlighted the risk of ransomware in its report, citing the threats of WannaCry and Petya in 2017.
According to MarketExpertz, “Although cybersecurity in the financial services market is expected to have positive growth globally, lack of adequate funds may act as a hindrance to the growth of the market. Buyers are allocating exorbitant budgets to tackle cyberattacks but the nature of the crimes is evolving every passing day. Spending on new types of cybersecurity tools and services for companies is a major problem for the financial sector and may hinder the growth of the market,” echoing the sentiments of the Deloitte survey.