Cybercrime Costs Continue to Soar More for Financial Firms Than Other Companies

Expect the number and sophistication of cybercrime to increase each year — we predicted that cybercriminals will use more complex tactics to blend in, and social engineering-powered attacks will continue to rise in 2019. As threats continue to evolve, the price an organization has to pay to defend against cybercrime — and mitigate its effects — continues to balloon as well. This is especially true for the financial industry, which is burdened with more cybersecurity mitigation costs than any other industry, according to a report.

According to a report by Accenture and the Ponemon Institute, on the average, financial organizations with 5,000+ employees each lose US$18.5 million in direct cybercrime costs. This massive amount towers over the rest of the annual average of around $13 million (per industry) for all other industries.

The report also shares that insider threats are the costliest attack type and the longest to mitigate for the financial industry, costing companies US$243,000 per attack and taking about 55.1 days to fix. According to The Cost of Cybercrime, the amount companies have to pay to deal with malicious insider attacks has increased by 15%.

It should be noted that only one-third of financial firms make use of automation, artificial intelligence (AI), and machine learning for security — technologies that can help significantly lower cybersecurity costs when properly utilized, according to the report.

On top of this, financial organizations are not utilizing data from analytics as best as they could, which could indicate that the financial industry is not able to keep pace with evolving cybersecurity technologies, leaving them vulnerable to different types of threats.  A lack of skilled security professionals is also a burgeoning concern — in fact, the International Information System Security Certification Consortium (ISC2) projects that security workforce shortage will reach a whopping 1.8 million by 2022.

Financial companies that lack cybersecurity professionals on their teams can benefit from a dedicated managed detection and response (MDR) service, which helps provide companies with a team of cybersecurity professionals, for a lower cost compared to building their own in-house security teams. Today’s threats continue to change and are more difficult to detect, which is a trend we’ve seen this year in ransomware, whose creators are employing new tactics and changing up distribution methods. In such cases, organizations can benefit from 24/7 access to threat hunting and threat intelligence, to make sure that they are protected from a constantly increasing number of complex attacks.

MDR can also provide alert monitoring and threat prioritization, allowing organizations to make the most out of their endpoint detection and response tools. MDR professionals can help companies make sense out of a large number of gray alerts to identify malicious threats.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Posted in Threat Landscape