Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

2/14/2018
12:30 PM
Sara Peters
Sara Peters
Quick Hits
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Cybercrime Costs for Financial Sector up 40% Since 2014

A 9.6% increase just in the past year, and denial-of-service attacks are partly to blame.

Financial services companies spend more on cyber incident response, on average, than any other industry, and the amount they spend per incident has swelled by 40% over the past three years, according to a new study. 

The Cost of Cybercrime Study, released Tuesday by Accenture and the Ponemon Institute, focuses on direct costs of incident response, not long-term remediation. According to the report, the finance sector's average per incident cost increased from $12.97 million in 2014 to $18.28 million in 2017; well above the 2017 average of all other industries at $11.7 million.

Nevertheless, the financial services industry continues to lead the way when it comes to their cybersecurity programs.          

"While the cost of cybercrime for financial services companies continues to rise, our research found that these companies have considerably more balanced and appropriate spending levels on key security technologies to combat sophisticated attacks than do those in other industries," Chris Thompson, a senior managing director at Accenture, said in a statement. "This is particularly true with regard to the use of automation, artificial intelligence and machine-learning technologies, which could be critical to future cybersecurity efforts."

In fact, the types of attacks that caused the financial services industry the most trouble were those that are as yet difficult to solve with technology, or have recently made advances in sophistication. While malware attacks were among the least costly for financial services at $5.46 million per incident on average, malicious insiders cost $169 million, phishing/social engineering cost $196.6 million, and denial-of-service attacks $227.7 million.

For more information, see here

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/3/2020
Data Loss Spikes Under COVID-19 Lockdowns
Seth Rosenblatt, Contributing Writer,  5/28/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13777
PUBLISHED: 2020-06-04
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TL...
CVE-2020-10548
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10549
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10546
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10547
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.