A recent survey of more than 800 representatives from financial institutions worldwide found that a cyber security incident involving a bank’s online banking services costs the organization $1.75 million on average. That’s twice the cost of recovering from a malware incident, which averages $825,000.
The survey, conducted by Kaspersky Lab and B2B International, found that 61 percent of cyber security incidents affecting online banking come with additional costs such as data loss, loss of brand reputation, and confidential information being leaked.
Customer-facing resources in banking are hit harder by DDoS attacks than in other sectors — 49 percent of banks that suffered a DDoS attack have had their public website affected, compared to 41 percent of non-financial institutions.
And DDoS attacks can cost banks more than other companies — a DDoS incident can cost a bank $1.17 million to recover from, compared to $952,000 for businesses in other sectors.
Seventeen percent of respondents said the consequence of a cyber incident they fear most is the loss of brand or company reputation.
Protecting Brand Reputation
“In the banking sector reputation is everything, and security goes hand-in-hand with this,” Kaspersky Lab head of Kaspersky DDoS protection Kirill Ilganaev said in a statement. “If a bank’s online services come under attack, it is very difficult for customers to trust that bank with their money, so it’s easy to see why an attack could be so crippling.”
“If banks are to protect themselves effectively from the price tag of an online banking cyber security incident, they first need to become prepared for the dangers DDoS attacks pose to their online banking services,” Ilganaev added. “This threat should be featuring higher on banks’ security priorities.”
Unfortunately, a recent MediaPro survey of 809 people employed in the U.S. financial services sector found that respondents’ levels of cyber security and privacy awareness were alarmingly low — 80 percent were classified as “risks” or “novices,” meaning their actions could lead to a serious cyber incident or data breach.
Just 20 percent of respondents demonstrated strong knowledge of security and privacy best practices.
“The results of this survey suggest financial sector organizations need to consider a comprehensive data protection strategy that includes employee training to ensure security and privacy concerns are top-of-mind for their employees,” MediaPro content marketing manager Jeremy Schwartz wrote in a blog post.
An Increase in Payments Fraud
A separate TD Bank survey of 392 finance professionals found that 64 percent of respondents said either their organization or one of their clients was involved in a cyber security event in the past year, including business email compromise (20 percent), account takeover (19 percent), and data breach (15 percent).
“Companies need to be mindful that everyday tools from email to the Internet can pose risk to payment operations and the criminal toolbox is expanding,” TD Bank head of corporate products and services Rick Burke said in a statement. “Corporate treasurers need to create layers of control for accounts and payments processing, both within their organization and in conjunction with their banking partners.”
An overwhelming 91 percent of respondents expect payments fraud to become a bigger threat in the next two or three years.