Statistics Demonstrating Financial Services Cybersecurity is Vital
The need for financial services cybersecurity is clearly demonstrated by eye-opening financial services cybersecurity statistics and trends. Key cyberattack statistics in 2021 include:
- Ransomware damage costs will rise to $20 billion by 2021 and a business will fall victim to a ransomware attack every 11 seconds at that time. (Cybersecurity Ventures)
- The U.S. government allocated a budget of $18.78 billion to cybersecurity for 2021. (Atlas VPN)
- Cyberattacks on banks in 2020 and beyond will result in them losing $347 billion. Insurers will lose $305 billion and capital markets will lose $47 billion by 2024. (Accenture)
- 86% of breaches in 2020 were financially motivated. (Verizon)
- Cyberattacks on financial institutions in 2020 exposed an average of 352,771 sensitive files. (Varonis)
- The average financial services employee has 11 million files available to them, while employees of large organizations can access 20 million files. (Varonis)
- Cyberattacks demand more time to mitigate, including malware (89% more time), ransomware (30% more time), and phishing and social engineering attacks (22% more time). (Accenture)
- 36 billion records were exposed by data breaches in the first half of 2020. (RiskBased Security)
- Financial services cyberattacks in 2020 as a result of data breaches cost organizations an average of $3.86 million and took an average of 207 days to identify. (IBM)
- Only 5% of corporate folders are securely protected. (Varonis)
- The frequency of data breaches has increased by 67% since 2014. (Accenture)
- Cyber crime results in a $2.9 million loss every minute. (RiskIQ)
- 30% of all cyberattacks involve insider threats. (Verizon)
- Cyber criminals launch cyberattacks every 39 seconds. (University of Maryland)
- Because of the increasing number of cyberattacks on the financial sector, 70% of financial organizations rank cybersecurity as their biggest concern. (Conference of State Bank Supervisors)
How Vulnerable Are Financial Services to Cyber Threats?
Data breach statistics in 2021 show that financial services organizations are at considerable risk of cyber threats. This risk was proven by VMware Carbon Black threat data, which found that attacks targeted at the financial sector increased by 238% between February and April 2020. In particular, ransomware attacks on the financial industry increased ninefold and attempted wire fraud increased by 64% during this period.
The research also found that 80% of financial organizations reported an increase in the number of cyberattacks they faced. Even more concerningly, 82% said the attacks they faced had increased in sophistication over the previous 12 months.
Drivers Behind Endemic Cyber Threats in Financial Services
Financial services organizations are facing a wide range of cyber threats and an increased volume of attacks. The key drivers behind cyber threats for banks include:
Inordinate Targeting of Financial Services
Financial services are significant targets for cyber criminals because they have money, data an attacker can sell, and vulnerabilities that make accessing that data relatively easy. Attackers carry out more reconnaissance work to target organizations and increase their likelihood of successful attacks.
Financial services have been proven to suffer more attacks than any other industry. That does not mean they are doing less security diligence. Instead, they are disproportionately targeted by attackers. As a result, they are more likely to suffer successful attacks.
Regulations, Flexible Customer Service Models, and IT Complexity
Financial sector cyberattack risks are also affected by various regulations, changing customer demands, and growing IT complexity.
Increasingly stringent data and privacy regulations require financial organizations to store data securely and for specific periods. Failing to meet these requirements carries hefty fines and immeasurable reputational damage.
Financial services also need to meet customer demand using flexible but secure customer service models. These require new technologies, like data and analytics and cloud platforms, which further expand organizations’ attack surfaces.
Smaller firms are unlikely to have the comprehensive IT services or depth of security management and monitoring required to protect their data and users. Many organizations also use email to carry out financial transactions or utilize remote access technologies, which leave them open to attack.
Common Types of Cyberattacks on Financial Services
The most common types of cyberattacks that financial services face include:
Many cyberattacks are highly organized, well-funded operations backed by foreign governments. These foreign entities typically target banks and stock exchanges to destabilize national security and threaten national economies. Others will hire hackers to attack other countries’ financial industries or spread fake news about financial markets to disrupt trade activity and volume.
Complacency Among Authorities
Despite the increased regulatory compliance the financial services industry faces, many people feel there is not enough protection for consumers. As technology evolves rapidly, authorities need to ensure regulation keeps pace to protect banking organizations and their customers.
Credential and Identity Theft
Account takeovers are one of the biggest threats facing financial services. This involves criminals gaining access to a customer’s bank account, then changing details to prevent access. These attacks typically occur through credential stuffing, which uses stolen password and username combinations to hack accounts, that can also be used to commit broader identity theft.
Cyber criminals use cyberattacks to breach an organization’s defenses to steal data. They can then hold it to ransom, sell it for a profit, or share it on the dark web for other attackers to commit wider cyber crimes. Other malicious actors may manipulate data for financial gain or carry out more advanced attack vectors like distributed denial-of-service (DDoS) attacks.
Many security events are caused by human error, rather than intentional or malicious activity. A typical example of this is a bank employee opening a phishing email that automatically downloads a virus onto the organization’s network, leading to additional cybersecurity risks and wider attacks.
Ransomware is a form of malware that involves cyber criminals targeting devices and encrypting the data on them. This makes the computer or the data on it inaccessible, and the attacker demands a fee in return for unlocking the system.
Phishing attacks involve cyber criminals spreading malware or malicious links through emails, text messages, and instant messaging services. Email-based phishing attacks typically involve a malicious link or attachment that either automatically downloads malware onto a device or takes the victim to a spoofed website, where the attacker can steal their data or login credentials.
Vulnerabilities at the Cloud Provider's End
Financial organizations are increasingly moving to the cloud and storing sensitive information in cloud data storage solutions. If such solutions are not secure or have vulnerabilities, attackers can exploit them to install malware and steal or delete data.
Financial organizations also work with more third-party vendors to deliver services. This can increase the risk of an attack and widen the attack surface, especially if a vendor suffers a vulnerability that leads to the organization’s data being leaked or stolen.
New technologies increase the complexity of organizations' IT infrastructures. Cyber criminals are constantly discovering new attack methods and vulnerabilities, which help them exploit security gaps in increasingly complex technologies.
How Fortinet Can Help
Fortinet enables financial services organizations to protect their data and ensure their users are secure through a wide range of cybersecurity solutions. Fortinet allows financial firms to proactively fight cyber crime, protect highly sensitive data, secure their expanding attack surface, and defend themselves against sophisticated attack vectors.
Fortinet assists financial services through critical security solutions like FortiGate next-generation firewalls (NGFWs), which filter traffic to protect networks from internal and external risks. In addition to standard firewall protection, Fortinet NGFWs provide deeper content inspection that enables organizations to identify sophisticated attacks and malware. Fortinet also offers future updates that ensure financial organizations keep pace with the evolving threat landscape.
The Fortinet Fabric Management Center also plays an important role in protecting complex IT infrastructures, increasing network visibility, and preventing security threats caused by human error and technology misconfiguration. The Fabric Management Center helps organizations instill a network security strategy that uses artificial intelligence and machine learning to protect applications, infrastructure, and third-party networks.