Banks take million Dollar hits for each cyber security incident
Kaspersky Lab survey finds POS systems the most lucrative threat vector for financial firms
The costs associated with cyberattacks on the financial sector are rising as organisations face increasingly sophisticated threats.
New research by Kaspersky Lab and B2B International reveals the scale and impact of attacks, with financial firms facing losses of nearly a million dollars ($926,000) on average for each cybersecurity incident they face.
The staggering figure is revealed as part of Financial Institutions Security Risks 2016, a survey of finance professionals highlighting the main security challenges for banks and financial institutions around the world and the financial costs of specific cyberattacks. The most-costly type of incident for financial organisations are threats that exploit vulnerabilities in point-of-sale (POS) systems, in which an organisation typically loses $2,086,000. Attacks on mobile devices are the second most costly ($1,641,000), followed by targeted attacks ($1,305,000).
Compliance is the main driver for increasing investment in IT security in banks and financial institutions. However, the study found that 63% of organisations believe that being compliant is not enough to be secure. Another significant reason for spending more on security is growing infrastructure complexity. For example, an average financial firm adopts virtual desktop infrastructure (VDI) and manages approximately 10,000 end user devices with roughly a half of them being mobile smartphones and tablets.
Insufficient internal expertise, top management directives and business expansion are also among the top reasons for a budget increase. In general, investing more in security appears to be inevitable to a clear majority of financial firms as 83% of them expect an increase in their IT security budgets.
Veniamin Levtsov, vice president, enterprise business at Kaspersky Lab commented: “Given the substantial monetary losses from cyberattacks, it is not surprising that financial organisations are looking to increase spending on security. We believe successful security strategies for financial organisations lie in a more balanced approach to allocating resources — not just spending on compliance, but also investing more in protection from advanced targeted attacks, paying more attention to personal security awareness and getting better insights on the industry-specific threats.”
The study shows that financial firms seek to address security challenges by getting more threat intelligence and conducting security audits, with 73% considering this measure effective. However, organisations from the financial sector are less inclined to use third-party security services with only 53% of those surveyed perceiving it as an effective approach.