BankThink

How banks can limit the financial impact of cyberattacks

The COVID-19 pandemic has disrupted global markets, causing governments, organizations and consumers to lose trillions of dollars from the resultant surge in financial crime and fraud. Though the impact has been widespread, financial services have borne the brunt of these attacks, with 75% of financial institutions experiencing losses from pandemic-related cybercrime.

The increase in remote work has seen gaps emerging in corporate networks, creating an attractive target for cybercriminals — so much so that 42% of banks and insurers in the United States admit that this model has made them less secure. Moreover, attackers are exploiting people's concerns about the pandemic by hiding malware in COVID-related content and scams. For instance, there was an increase of 83% in phishing (email), 22% in smishing (text messages) and 79% in vishing (phone calls).

These attacks have been so prolific that 56% of financial institutions reported an increase in losses over the last 12 months. The average cost per institution over that period was $720,000. For consumers who had their lost money refunded, the average amount was $1,174, while those who did not lost an average of $743.

Perhaps most concerning is that despite the growing scale of this problem, financial institutions have had to reduce budgets within IT security, cybercrime, fraud and risk departments by 26%. More than a third also had to reduce the number of people in their IT security teams since the onset of the pandemic.

But despite budget and resource cuts, there is still an opportunity to revitalize defensive postures.

Financial service providers must strengthen capabilities to meet the growing expectations of an increasingly cyber-savvy customer base. A quarter of consumers believe their provider could do a lot more to protect them from cybercrime and over half now think it's the job of financial institutions to do so. Most consumers also say they now consider cybercrime protection when choosing a bank or card provider.

Banks have a responsibility to provide better guidance to consumers on how to protect themselves online, which benefits both parties. By educating their customers on best practices, banks and insurers can significantly diminish the chances of social engineering attacks (such as phishing) being successful. And because this is a continually evolving threat, these initiatives cannot be a one-off, but must form part of a continuous campaign that reflects changing attack methods and consumer habits.

When attacks succeed, financial institutions must learn from them and embrace more sophisticated threat detection technologies to reduce the risk of them happening again. Using intelligent cybersecurity solutions that automate much of the human function alleviates the pressures faced by reduced IT security and fraud departments.

Banks can also take advantage of artificial intelligence and machine learning technology to help them predict and defend against known and unknown attacks on their systems and their customers' accounts.

There is also an opportunity for financial institutions to bolster internal security with a focus on people, processes and technology. That means understanding where key assets lie and where data flows across the organization, what the chief threats and attack vectors are and where vulnerabilities lie. It means continually training staff in best practice cyber awareness, breaking down silos between compliance, fraud and security teams, and following internationally recognized governance frameworks and standards.

To endure in a new Wild West of cybercrime, consumers and financial institutions must be more vigilant and aware of how cyberattacks are evolving. Only then can the damage caused by successful attacks be reduced.
