A Frost & Sullivan study commissioned by Microsoft reveals that despite financial services being a highly regulated industry, more than half (56%) of the organizations surveyed have either experienced a security incident (27%) or are not sure if they have had a security incident as they have not checked (29%). The study further reveals that over the last year, each cyberattack has cost large financial services companies in Asia Pacific an average of US$7.9 million in direct and indirect economic loss, and three out of five organizations have also experienced job losses resulting from cybersecurity incidents. For mid-sized financial services companies, the average economic loss due to a cybersecurity incident was US$32,000 per organization.
These findings are part of the “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World” study which was launched in May 2018 and aims to provide business and IT decision makers in the financial services sector with insights on the economic cost of cybersecurity breaches and to help to identify any gaps in their cybersecurity strategies. The initial study involved a survey of 1,300 business and IT decision makers ranging from mid-sized organizations (250 to 499 employees) to large-sized organizations (>than 500 employees), and 12% of these respondents are from the financial services industry.
To calculate the cost of cyberattacks, Frost & Sullivan created an economic loss model based on insights shared by the survey respondents. This model factors in two kinds of losses which could result from a cybersecurity breach:
A breakdown of the average direct and indirect economic cost that a large financial services organization can incur due to a cybersecurity incident.
“Trust is foundational for all business decision-making. This is especially true when it comes to the financial services industry as they are protecting not only their own businesses, but also their customers’ data and financial assets,” said Kenny Yeo, Industry Principal, Cyber Security, Frost & Sullivan. “For banks and other financial services organizations, the potential loss of trust and the consequent reputation damage is a far greater threat than the economic impact of a cybercrime.”
Key Cyberthreats and Gaps in Financial Services Companies’ Cybersecurity Approaches
The study found that for financial services companies remote code execution, online brand impersonation, ransomware and data exfiltration are the biggest concerns as they have the highest impact to the business and they often result in the slowest recovery time.
While on one hand, financial services companies see great competitive advantage in offering advanced digital services to their customers, the study revealed that cybersecurity concerns and approaches are impeding their digital transformation journey:
It was rather revealing that despite the fact that cybersecurity will likely be enhanced through the digital transformation process, the majority of respondents (40%) from financial services industry saw their cybersecurity strategy as merely a means to safeguard their organizations against cyberattacks. Only one out of four (25%) sees cybersecurity as a business advantage and an enabler for digital transformation.
The study reveals that only 28% of financial services companies that had fallen victim to a cyberattack considered building a cybersecurity strategy before the start of a digital transformation project, as compared to more than one out of three (35%) organizations that have not encountered any cyberattack.
The remaining respondents stated that they either considered cybersecurity after their projects have started, or they did not take cybersecurity into consideration when designing their digital transformation projects.
This debunks a popular misconception that deploying a large portfolio of cybersecurity solutions will render stronger protection. The reality is that the complexity of managing a large portfolio of cybersecurity solutions may lead to a longer recovery time for cyberattacks.
“Cybersecurity is one of the most pressing issues of our time and there are no silver bullets,” said Connie Leung, Senior Director, Financial Services Business Lead - Asia, Microsoft. “The financial services sector is subjected to many laws and regulations relating to cybersecurity. These can be far-ranging and complex. In addition, financial services companies are working to enhance customer experience while applying the required controls. Global digitization combined with unprecedented changes to the financial services business model is mandating transformation. To get there, financial services companies must embrace new digital business models that combine agility and security, with trust at the center.”
Financial services companies Leveraging Artifical Intelligence for Cybersecurity
Artificial Intelligence (AI) has been on the frontlines of the fight against fraud for a while now, but these days, it’s more powerful than ever, thanks to machine learning and stronger computing power. Today, it is a weapon of choice for financial services companies to reduce cybersecurity risks. The study reveals that four in five (81%) financial services companies in the region have either adopted or are considering an AI-based approach to complement their cybersecurity strategy.
By rapidly analyzing vast quantities of data and providing actionable insights for cybersecurity professionals, AI-driven cybersecurity architecture enables organizations to accomplish tasks, such as identifying cyberattacks and removing persistent threats like data exfiltration malware, faster than any humans, thus making it an increasingly vital element of any organization’s cybersecurity strategy.