Financial firms bear the largest share of cyber attack costs
The cost to address and contain cyber attacks is greater for financial services firms than for companies in any other industry, and the containment costs continue to rise, according to a report from IT services provider Accenture and security research firm Ponemon Institute.
The report found that the average annualized cost of cyber crime for financial services companies globally has increased to $18.5 million, the highest of all industries included in the study and more than 40 percent higher than the average cost of $13 million per company across all industries.
For the study, Ponemon Institute gathered data from 2,647 interviews conducted over a seven-month period from a benchmark sample of 355 organizations in 11 countries. The financial services industry data was collected from 537 interviews from a benchmark sample of 72 financial services companies in multiple countries.
The analysis focuses on the direct costs of incidents and doesn’t include the longer-term costs of remediation.
Malicious insider attacks are the most expensive type of attack for financial services firms to resolve, at $243,000 per attack.
They also take the longest time to be resolved, at about 55 days on average. That’s significantly higher than the time to contend with ransomware (34 days) or Web-based attacks (26 days).
Even though cyber breach levels at financial services firms are close to or lower than the cross-industry average, the financial services industry continually has the highest cost of cyber crime, said Chris Thompson, global security and resilience lead for financial services at Accenture Security.
“More prudent technology investments at the right spending levels would actually reduce costs while improving banks’ and insurers’ overall cyber security resilience,” Thompson said. “These cost savings are crucial for financial services executives trying to decide how much to spend on security versus other key areas, such as their overall digital transformation.”