By Tomáš Foltýn
While not the most frequent victims of cybercrime,
firms in financial services are facing higher costs relating to such incidents
when compared to businesses in any other sector, a study by Accenture and the
Ponemon Institute has found.
The financial services industry was found to incur
cyberattack-induced costs of nearly $18.3 million per firm in 2017, following
an increase of 10 percent year-over-year and 40 percent since 2014,
according to the report, called “2017 Cost of Cyber Crime Study”.
Fifteen sectors in seven countries were measured,
with utilities and energy ($17.2 million) coming in second in this regard,
followed by aerospace and defense ($14.5 million).
Across all industries, the financial consequences
of cybercrimes averaged $11.7 million per firm. This represents a nearly
23-percent hike on the year and a 62-percent surge since 2013.
Meanwhile, the rate of successful breaches per firm
in the financial services sector alone jumped from 40 in 2012 to 125 last
year. Still, that is lower than the latest figure across the board – 130.
A further breakdown of the overall figures shows
that, in all, the actual cost hinges on a number of variables. The factors that
enter heavily into the equation include attack types and their frequency, along
with the organization’s size and even the country in which an organization is
based.
For instance, US companies lead the pack when it
comes to the total average cost of cybercrime incidents while Australia is on
the opposite side of the range.
In addition, malware and web-based attacks were pegged as particularly costly
among the nine attack methods under review: the annualized costs faced by
companies due to these two types of attacks reached $2.4 million and
$2 million, respectively.
Financial services firms turned out to be an outlier here,
however, as attacks using malware were among the least costly types of
incursions for these companies ($5,000 on average per attack). By contrast,
denial-of-service attacks carried the most painful financial sting ($227,000),
followed by phishing and social engineering ($196,000).
Among four consequences of a cybercrime,
information theft was rated as the most expensive, followed by
business disruption and revenue loss.
The study looked at the immediate costs emanating
from cyber-incidents based on the first four weeks after such a breach, rather
than dealing with long-term costs of remediation. It is based on nearly 2,200
interviews with IT, compliance and information security practitioners from a
sample of over 250 larger-sized companies in Australia, France, Germany, Italy,
Japan, the United Kingdom, and the United States.