42 Percent of U.S. Financial Services Orgs Have Been Breached

Fully 42 percent of U.S. financial services organizations have experienced a data breach, and 12 percent have suffered multiple breaches, according to the 2017 Thales Data Threat Report – Financial Services Edition.

The report, based on a survey of more than 1,100 senior security executives worldwide, also found that 24 percent of financial services organizations suffered a data breach in the past year alone, up from 19 percent in 2016.

Eighty-six percent of respondents believe their organizations are vulnerable to data threats.

While 96 percent will use sensitive data in an advanced technology environment (cloud, big data, container, IoT) this year, 47 percent admitted they’re deploying those technologies without having the appropriate levels of security in place.

“Data breaches continue to hit the headlines and, as recently illustrated by the Equifax breach, the financial services industry is a prime target for hackers,” Thales e-Security vice president of strategy Peter Galvin said in a statement.

“As digitization continues to transform the industry’s online infrastructures it is critical organizations implement data security solutions that follow the data — wherever it is created, shared or stored,” Galvin added.

Fighting Fraud

Similarly, a recent ISMG survey of over 250 banking and security leaders, commissioned by VASCO, found that just 38 percent have high confidence in their organization’s ability to detect and prevent fraud, and 52 percent say today’s fraud schemes are too sophisticated and evolve too quickly to keep pace.

Thirty-three percent of respondents said the number of fraud incidents involving their organization has increased over the past year, and 25 percent said financial losses linked to fraud have risen.

Aside from the financial toll, other impacts of fraud listed by respondents include loss of productivity (55 percent), reputational impact (23 percent), and loss of customers (15 percent).

And while 98 percent of respondents expect the same or increased budget for fraud prevention in 2018, 41 percent say they don’t want to add new anti-fraud controls that might negatively impact the customer experience.

“This survey certainly shows that while consumers may shoulder many direct costs and burdens associated with fraud, institutions are also suffering substantially,” NuData Security marketing director Lisa Baergen told eSecurity Planet by email.

“The global uptick in fraud, coupled with ever-increasing amounts of PII available on the black market, makes financial institutions more vulnerable and as a result, their security investments are growing yet their confidence in them isn’t,” Baergen added.

Mobile Insecurity

Symantec’s Q2 Mobile Threat Intelligence Report: Mobility and Finance [PDF] separately found that 25 percent of mobile devices used by employees at financial services organizations are at risk of a cyber attack due to unpatched vulnerabilities, and 15 percent have already been exposed to a malicious network.

More than 13 percent of financial mobile devices aren’t running the current version of their operating system, and as many as 99 percent of mobile devices in financial organizations aren’t on the newest minor update at any given time.

That split is far more noticeable among Android users — while just 4.8 percent of iOS devices in financial organizations aren’t on the latest major OS version, 47.8 percent of Android devices aren’t running the current major version.

“Since user behavior is such a huge factor in mobile security, user education is one of the most important things an organization can do to… minimize the threat to their organizations through mobile devices,” the report suggests.

Leveraging Technology

A recent Ernst & Young LLP survey of chief risk officers and other senior risk executives at 77 banks in 35 countries found that 77 percent of respondents said cyber security is one of the most important risks they face over the next year, a 22 percent increase over a similar survey in 2015.

Respondents expect new technologies and techniques to drive down costs in risk management, through the use of automation (87 percent), digitization (64 percent), machine learning (59 percent) and risk models using AI (57 percent).

Still, the leading concerns regarding those technologies are cybersecurity and a shortage of IT resources and talent (both at 64 percent).

“Over time, risk functions will have to leverage technology to improve risk management, and become technology innovators, rather than spectators,” Ernst & Young partner Tom Campanile said in a statement.

“Banks will have to rethink how they manage risks, what risks need to be managed and what new types of talent will be required,” Campanile added.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Top Cybersecurity Companies

Related articles