Cost of a data breach: banking and finance

The importance of cybersecurity has touched almost every industry. Beyond that, robust cybersecurity is a table stake for several industries, especially healthcare and banking and finance. Not only is financial data at risk, but so is customer confidence. In banking and finance, trust means everything.

Yet consumers are reluctant to share their confidential data. A recent McKinsey survey found that no industry has achieved a 50% confidence rating for data protection.

Here’s the sobering statistic: 87% of respondents said they would refuse to do business with a company they perceived to have weak security practices.

When banking and financial data breaches happen – and they do happen often – they don’t always come from a bad actor. Often, breaches stem from poorly secured third-party applications or a lack of proper user authentication protocols.

Banking and financial data breaches

Several data breaches have hit these industries over the past year. What can we learn from them?

In January 2021, attackers hacked the accounts of three million Morgan Stanley corporate clients. The breach, reported in July, involved a third-party vendor. Attackers could gain access to customer names and addresses, social security numbers, date of birth, and company name. The bank reported that attackers managed to exploit a vulnerability in the provider’s server. Although the vulnerability was quickly fixed, the attackers still managed to obtain a decryption key for the encrypted files.

In December 2021, crypto exchange Bitmart suffered a large-scale security breach. The attackers took $200 million worth of cryptocurrency. And all the bad actors had to do? Steal a single private key.

In November 2021, e-commerce platform Robinhood announced a data security incident that affected millions of its customers. The company disclosed that an “unauthorized third party” was able to obtain the email addresses of five million people and the full names of two million others. For 310 users, “additional personal information” was stolen. The attackers reportedly demanded payment of a ransom as a result of the breach.

How much does a financial breach cost in 2022?

According to the IBM 2022 Cost of a Data Breach report, the financial sector had the second highest average cost per breach, behind healthcare. As the average costs of healthcare breaches reached a new high of $10.10 million (an increase of nearly 42% since the 2020 report), financial organizations averaged $5.97 million dollars per breach.

On a positive note, the Cost of a Data Breach report found that the average number of days to identify and contain a data breach fell from 287 in 2021 to 277 in 2022, a reduction of 10 days or 3.5% . The average number of days to contain a breach also decreased in 2022, from 75 days in 2021 to 70 days in 2022.

Explore the report

Risks and challenges for banking and finance

Costly data breaches are only one side of the coin.

First, the industry needs to keep up with the evolution of digital transformation and technological innovations. Digital services, cloud computing and artificial intelligence (AI) play a key role. To meet customer demand, financial institutions need to leverage more new applications, devices, and infrastructure components. These, in turn, only increase their attack surface.

Second, banking and finance are subject to more complex regulations from year to year. Data protection and privacy standards are constantly changing and fines for non-compliance are increasing.

Third-party risk management is essential for any industry. However, banking and finance must be extra vigilant to ensure the safety of third-party sellers and suppliers. Third-party breaches underscore the potential vulnerability of the financial services industry to cyberattacks. After all, it increasingly relies on vendors and vendors that cannot guarantee cybersecurity.

Finally, as the hybrid workplace grows in popularity, so does an organization’s risk. Remote and hybrid working present a more daunting challenge for industries with more critical data to protect.

Reduced data breach costs

Although the threat landscape is growing and breaches are occurring, proactive security measures are working. The Cost of a Data Breach report shows how today’s security policies can reduce the average cost of a breach.

Security AI and Automation

Organizations that use security automation like AI, machine learning, analytics, and automated security orchestration saved an average of $3.05 million per breach compared to companies that didn’t. neither use AI nor security automation.

Extended detection and response

2022 is the first time the report examines the effects of extended detection and response (XDR) technologies on the cost of a data breach. Notably, organizations that deployed advanced threat detection and response tools saw an average savings of 9.2% per breach. While these savings don’t seem significant, the real impact is in the reduced duration of faults — almost a month.

Incident Response

Companies that have dedicated incident response (IR) teams and test their IR plan have significantly reduced the average cost of a data breach by $2.66 million per breach compared to those without an IR plan. IR team or no IR test in place.

Risk Quantification

Risk quantification can highlight the types of financial loss by impact, loss of productivity, cost of response or recovery, reputational impact, fines and judgments. Companies using risk quantification saved $2.10 million per breach on average compared to those that don’t.

Zero Trust

The zero-trust approach assumes that user identities or the network itself may already be compromised. Instead, it relies on AI and analytics to continuously validate connections between users, data, and resources. It’s no surprise that zero trust has a net positive impact on data breach costs, saving companies with a mature zero trust deployment an average of $1.51 million per breach compared to those who adopted zero trust early.

These statistics provide the dose of optimism the industry needs. As more and more organizations invest in proactive security strategies and cloud management best practices, the impact and risk of a data breach can be reduced.