Cyber-attacks targeting financial services firms are on the rise, with 93 percent of financial services organizations experiencing various cyber-threats in the past 12 months, according to a report from IT research firm Kaspersky Lab and B2B International.
More than half (52 percent) of financial institutions have a policy of reimbursing all losses caused by cyber-crime without investigation and that the true cost of financial data loss is between $66,000-$938,000, depending on the size of the organization.
However, the report also found just 28 percent of financial services organizations think that the risk of damages from cyber-crime is outweighed by the cost of prevention.
"There is no question that consumers require further information about the risks they face when transacting in an online world," Ross Hogan, global head of the fraud prevention division at Kaspersky Lab, told eWEEK. "If I’m being honest, I believe that consumers should be aware of the risks at a high level, but it is the financial institution’s responsibility to guard against those risks–not the consumer’s."
Hogan said it is unrealistic to expect the average consumer to be savvy enough to institute adequate protection and to keep it on par with the evolution of the threat.
While this creates a situation where financial institutions have to institute controls to help protect users form their own behavior and exposure, almost no financial institution can accomplish this on their own.
A little under half (47 percent) of financial companies surveyed said they think that loss of credibility or damage to reputation as a result of a data breach is the worst consequence to the company.
The survey also found that 82 percent of businesses would consider leaving a financial institution that suffered a data breach and that 74 percent of companies choose a financial organization according to their security reputation.
"In order to keep pace with the evolving sophistication and frequency of attacks, financial institutions are advised to partner with security experts," Hogan said. "Unfortunately, many financial institutions make the strategic mistake of trusting their security to startups with point solutions that become ineffective or stale over time or to generic, oversized services companies. Intelligent institutions interested in enduring security approaches should consult the experts."
While cyber-attacks targeting financial services firms are on the rise, nearly one out of three organizations still don’t provide protection of users’ endpoints or implement specialized protection inside their own infrastructure, the survey revealed.
"The tools, techniques, knowledge and resources of cyber-criminals are escalating astoundingly fast. Underground marketplaces are flourishing with new, advanced tools to aid cyber-criminals for nominal fees--if not free," Hogan warned. "In reality, there is tremendous motivation to commit cyber-crime as it is lucrative and depersonalized. People have much more money in their accounts than in their physical wallet. The outlook is worrisome."