Cybersecurity has become a top focus of the financial services industry. The industry is a vital component of the nation’s critical infrastructure and, at the same time, a prime target for cyber criminals.
Cybersecurity must be actively managed due to evolving attack methods. The main challenges to managing cyber risks are emerging technologies and sophisticated threats.
Cyber criminals can be anyone. Often they are employees, opportunistic attackers, third parties, or organized criminal groups. They may even be supported by other nations to commit cyber crimes.
Motivation for cyber attacks can be simple curiosity or an intent to disrupt operations. For organized groups, the motivation is often financial gain. Each year the number of cyber crimes targeting financial institutions increases. Some of the attacks have targeted foreign banks for millions of dollars.
The most damaging cyber criminals are nation-state sponsored. These attackers are highly technical and want to cause widespread damage to critical infrastructure and steal intellectual property.
Cost of cyber crime
Businesses lose billions of dollars each year fixing systems impacted by cyber attacks. Studies suggest the cost of cyber crime quadruples every four years.
A 2016 Juniper Research study predicted the cost of data breaches would quadruple to $2.1 trillion globally by 2019. An IBM-sponsored study conducted by the Ponemon Institute revealed:
- As of 2016, the average cost of a data breach was $4 million
- The average cost per stolen record was $158
- The longer it takes to detect and contain a data breach, the more costly it becomes
- Regulated industries, such as healthcare and financial services, have the most costly data breaches
To reduce the cost of cybersecurity and minimize risk of data breaches, the Ponemon study recommends:
- Improving data governance programs and incident response
- Appointing a Chief Information Security Officer (CISO)
- Developing an employee cybersecurity training program
- Implementing a business continuity program
- Investing in data loss prevention controls, such as encryption and endpoint security