Home / Banking Strategies / Cost and effect: How financial institutions can fight security breaches

Cost and effect: How financial institutions can fight security breaches

It seems the number of data breaches jumps every year, with a 48 percent increase from 2016 to 2017 alone. In the United States, 1,579 breaches hit financial institutions last year—a record high—and negatively impacted bottom lines. What’s more, the sensitive information these institutions hold makes them even bigger targets for attacks or breaches compared to other companies. In fact, financial services firms are victims of cybersecurity attacks 300 times more frequently than businesses in other industries.

Nor does the bad news for the financial services industry end there. While each customer record lost or stolen in a typical business breach carries an average cost of $225, the figure for a financial services firm is a third higher: $336. With the cost of an average breach rising by 5 percent to $7 million in 2017, you can see how even a small incident can have a big impact to a bank’s revenue.

Outside of the direct costs involved with a breach, cybersecurity issues can also impact a bank’s customer retention ability. In fact, a 2016 survey showed that 28 percent of respondents left their bank due to unauthorized activity on their accounts. A recent study completed by Ponemon Institute and IBM found that companies who contained a breach within 30 days saved almost $1 million compared to those who took longer.

The study also found that lost business costs can reach up to $4.2 million in the United States, the highest of any region. This is echoed by a recent IBM and Harris poll that found 75 percent of U.S. customers would not do business with a company that they don’t trust to protect their data. Therefore—and with good reason—one out of five financial institutions listed “damaged brand trust or reputation” as their top concern related to data breaches. This reflects a salient truth: Breaches impact both the short- and long-term profits of banks.

Of course, by offering protection and resolution services before an incident, banks can improve and reinforce the reputation that they care about their customers’ financial wellbeing.     

The types of attacks used on banks also play a role in the higher cost of resolution in the financial industry. For example, a malware related attack can cost a bank an average $825,000 to resolve. Another common form of attack known as DDoS (Distributed Denial of Service) can have an even bigger impact, since it often directly affects the customer facing services banks offer. The average cost associated with a DDoS attack is approximately $1.8 million.

Not all breaches focus on attacking systems; some go after the employees or customers themselves through social engineering and “spearphishing” attacks. In 2016 and 2017, cybercriminals targeted and attacked 100 banks in 30 countries with spearphishing. The result: They stole $1.3 billion over the course of an 18-month period. This serves as an important reminder to banks to remember the human aspect of their systems in place as they’re often the most vulnerable.      

The data shows a clear need for banks to protect their customers’ sensitive data. While cybersecurity breaches might represent an unfortunate reality of doing business online, financial institutions can enact effective strategies to protect themselves and their customers.

The most powerful preventive measure banks can put in place is to educate themselves on the latest risk mitigation strategies. Gone are the days when banks would’ve been completely blindsided by an cyberattack. In fact, most large banks have dramatically increased their cybersecurity and the SEC now expects banks to quickly disclose any incidents.

Banks also have the option to offer identity protection services to their customers directly. According to our recent study, some customers expect their bank to offer services that reduce the chance for exposure and rectify the situation right away should their data become compromised.  In fact, a recent customer survey found that 50 percent of bank customers said they would want their bank to offer identity protection services. This solution can not only improve a banks reputation amongst its customers but also open up a new potential revenue stream.

The reality is that the more our world relies on the internet and digital services to do business, the more exposed sensitive data becomes to cybercriminals. Whether they attack a system via DDoS or malware, or target people through spearphishing and social engineering, the results are the same: irreparable damage to customer reputation and customer retention, in addition to the financial costs associated with resolution.

But if banks take preventative steps through risk mitigation education, and identity protection and resolution services they offer customers before any breach, they can demonstrate a strong commitment to protect customer data—and drive potential revenue through services customers find valuable. That is, while breaches themselves can hurt a bank’s revenue stream, smart prevention can help it—and keep a bank’s bottom line from hitting bottom.

Want more Banking Strategies? Sign up for our free newsletter!

Paige Schaffer is president and chief operating officer of the Generali Global Assistance Identity Theft and Digital Protection Unit.  

If you enjoyed this article, check out: How one bank won the revenue game through the ‘sales hunter’