Financial services firms are targeted more than any other sector, with breaches tripling over the past five years, according to the latest report from Accenture.
The consultancy conducted over 2100 interviews with hundreds of organizations in the UK, US, Australia, Germany, Japan, France and Italy to compile its latest Cost of Cyber Crime study.
It revealed that the average cost of cybercrime for the sector has increased by over 40% over the past three years, from $13m per firm in 2014 to $18m in 2017. By contrast, the average cost per firm for other sectors is just under $12m. The report considered direct and not longer term costs.
The average number of breaches per financial services firm has grown from 40 in 2012 to 125 last year, the report continued.
Denial of service attacks were pegged as the most costly, at an average of $228,000 per attack, followed by phishing and social engineering ($197,000).
Business disruption and data loss comprise the majority (87%) of cybercrime costs, with revenue loss accounting for only 13%.
Nearly two-thirds (60%) of respondents’ total security costs is spent on containment and detection of breaches.
However, Accenture claimed that there’s an opportunity for companies in the sector to improve their security posture through the use of advanced technologies such as AI, which only a quarter currently use, and advanced analytics, which less than a third use.
However, a report from the global Financial Services Information Sharing and Analysis Center (FS-ISAC) out yesterday claimed that the top priority for CISOs in the sector is employee training (35%), followed by infrastructure upgrades and network defense (25%) and then breach prevention (17%).
“Banks and other financial services firms have implemented advanced solutions for malware, reducing the susceptibility to such attacks, so the cybercrimes they’re currently grappling with are largely different from those affecting other industries,” argued Accenture’s financial services security and resilience lead, Chris Thompson.
“One such threat is identifying bad actors within their own organization and figuring out the right combination of human effort with technologies to combat this growing issue. One thing is certain, however: when it comes to fighting cybercrime, organizations can’t hire their way out of this issue, as there simply aren’t enough talented cyber professionals out there.”