Cybersecurity in Financial Institutions
The financial sector faces more and costlier cyberattacks than any other industry. Over a quarter of the security incidents monitored by IBM in 2018 were from the financial sector. A 2019 report from IT services provider Accenture and security research firm Ponemon Institute found that the cost of these attacks worldwide was $18.5 million, and that figure does not include the long-term costs of remediation, business disruption, and loss of customer confidence. In addition, Deloitte estimates that big banks and other financial firms spend as much as $3,000 per employee to defend computer networks from cybercriminals.
Large banks may be able to build massive staffs armed with ever-increasing budgets to establish an almost impregnable wall of cybersecurity, but how can smaller financial institutions offer a similar level of security with smaller budgets and staffs?
Four steps to greater cybersecurity
1. Begin with a strategy
Cybersecurity is not the job of the IT department alone. It is the job of everyone in the financial institution. Banks that are seriously and successfully attacking the problem are starting at the top with the involvement of senior leadership, raising cybersecurity’s profile within the organization, and aligning cybersecurity efforts more closely with the company’s business strategy. When senior management acknowledges the importance of cybersecurity and gives it adequate attention and funding, banks experience a far greater level of success. As Deloitte concludes in its cybersecurity spending survey, “How a security program is planned, executed, and governed is likely as important as how much money is devoted to cybersecurity.”
2. Realistically assess IT capabilities
Most small- to medium-size banks have small IT staffs who struggle to keep up with internal needs, leaving them with no time or training for cybersecurity issues. Some banks facing this limitation have turned to outside sources for additional support and training.
One Missouri bank chose to outsource their IT as a way to contain costs while tackling cybersecurity challenges. Michele King, Executive Vice President and Chief Financial and Operations Officer of Ozarks Federal Savings, turned to Teksetra as her IT partner, handling everything from strategy to implementation. As King explained it, “Cybersecurity is huge for us, and it’s on so many fronts. It’s protecting our network and making sure that every vendor has adequate cybersecurity. And for our folks with online banking or bill pay or mobile banking or debit cards, every one of those avenues is a cybersecurity risk. No matter what we do in technology, security is the top priority.”
“No matter what we do in technology, security is the top priority.”
Michele King, Ozarks Federal Savings
3. Take every reasonable precaution
No effective cybersecurity program is “plug and play.” Cybersecurity requires the constant, active involvement of every member of the bank staff.
Regular employee cybersecurity training is a basic measure that can be easily overlooked. Employees can be the unwitting open door for hackers. According to a recent study by PhishMe, 91 percent of cyberattacks begin with spear-phishing emails. Simply training employees on basic precautions can save costly hacks.
Experts also suggest that, where viable, banks use tools such as biometrics, cryptographic technologies, virtual private networks, AI, advanced analytics, or other machine-learning technologies to detect and prevent cyberattacks. The estimated average ROI for nine categories of these “enabling” security technologies is 14:1 according to an Accenture Report.
“70 percent of data breaches are caused by people and process failures within the company.”
PhishMe
4. Never blink
Cybersecurity is a bit like the game of Whac-a-Mole®. As one breach is discovered and defeated, a new one is created. International cybercriminals work 24/7 to find and exploit vulnerabilities. And because the criminals never sleep, neither can those who work to thwart them. Effective cybersecurity cannot be a second thought or minimized by banks of any size. It is a cost of doing business that, if done correctly, saves financial institutions more than the immediate cost of the cybercrime. It saves the cost of disruption of business and the long-term loss of customers and community confidence.
Every financial institution must find a way to make cybersecurity a priority. Find out how the technology experts at Teksetra can help you create a strategy and a cybersecurity program that builds strong and secure customer relationships year after year.