Ken Turbitt Blog
Aidan Lawes Blog
Paul Gostick Blog
Dr Jenny Dugmore Blog
Shirley Lacy Blog
Alim Ozcan Blog
Juan Jimenez Blog
Ian Clayton Blog
Nas Ozcan Blog
Aidan Mills Blog

The General Data Protection Regulation Benchmarking Survey
How are organisations facing the challenge of complying with the most radical overhaul of data protection laws in a generation?...

Ten Strategic Technology Trends for Government
Technologies that enable new service models for digital government must be at the top of the list for government organizations as they prioritize technology investments...


The Robots are Coming: Are CEOs Ready for the Era of Automation?
CEOs agree that robotics is going to make their companies more efficient, with 94% of those who've already adopted robotics saying that it's increased productivity in their business...


The 2015 Chief Digital Officer Study
More companies are appointing a Chief Digital Officer to join their C-suite - but are they doing it quickly enough?...


18th Annual Global CEO Survey
The United States has overtaken China as top target for growth for the first time in five years...

14 February 2018 | ITSM
Send to a colleague | Add to MY ITP

Cost of Cyber Crime Study
Cybercrime costs Financial-Services sector more than any other industry, with breach rate tripling over past five years...

Cyberattacks cost financial-services firms more to address and contain than in any other industry, and the rate of breaches in the industry has tripled over the past five years, according to a report from Accenture and the Ponemon Institute.
The report, "Cost of Cyber Crime Study," examines the costs that organizations incur when responding to cybercrime incidents and applies a costing methodology that allows year-over-year comparisons. It found that the average cost of cybercrime for financial services companies globally has increased by more than 40 percent over the past three years, from US$12.97 million per firm in 2014 to US$18.28 million in 2017 – significantly higher than the average cost of US$11.7 million per firm across all industries included in the study. The analysis focuses on the direct costs of the incidents and does not include the longer-term costs of remediation.
However, the report also notes while cyberattacks have a greater financial impact on the financial services industry than on any other industry, financial services firms continue to make prudent and sophisticated security technology investments that contribute to reducing the cost of breaches significantly. The greatest proportion of financial services firms’ cyberdefense spending is for more advanced solutions like security intelligence systems, followed by automation, orchestration and machine-learning technologies.
“While the cost of cybercrime for financial services companies continues to rise, our research found that these companies have considerably more balanced and appropriate spending levels on key security technologies to combat sophisticated attacks than do those in other industries,” said Chris Thompson, a senior managing director at Accenture who leads financial services security and resilience in the company’s Security practice. “This is particularly true with regard to the use of automation, artificial intelligence and machine-learning technologies, which could be critical to future cybersecurity efforts.”

Among the key findings for the financial services industry:

  • The average number of breaches per company has more than tripled over the past five years, from 40 in 2012 to 125 in 2017; that is slightly below the global average of 130 across all industries.
  • Nearly two-thirds (60 percent) of financial services companies’ total security costs is spent on containment and detection of cyberbreaches.
  • The greatest impact of cyberbreaches on financial services firms are business disruption and information loss, which together account for 87 percent of the cost to respond to cybercrime incidents, with revenue loss accounting for only 13 percent.

The report notes that more can be done with regards to security technologies deployed in financial services. Only one-quarter (26 percent) of financial-services companies have actually deployed AI security technologies, and fewer than one-third (31 percent) use advanced analytics to fight cybercrime.


              Most Costly Attack Types for Financial-Services Firms

At the same time, financial-services firms appear to be less affected than other industries by more-common forms of cyberattacks. While 2017 saw a string of malware attacks – including the WannaCry and Petya attacks, which cost several global firms hundreds of millions of dollars in lost revenues – malware attacks were among the least costly types of cyberattacks for financial services companies. The costliest types of attacks for banks and insurers are denial of services, phishing and social engineering, and malicious insiders.
“Banks and other financial services firms have implemented advanced solutions for malware, reducing the susceptibility to such attacks, so the cybercrimes they’re currently grappling with are largely different from those affecting other industries,” Thompson said. “One such threat is identifying bad actors within their own organization and figuring out the right combination of human effort with technologies to combat this growing issue. One thing is certain, however: When it comes to fighting cybercrime, organizations can’t hire their way out of this issue, as there simply aren’t enough talented cyber professionals out there.”

For additional information on the “Cost of Cyber Crime Study” click on the link https://goo.gl/UFgZNk.


The study, conducted by the Ponemon Institute on behalf of Accenture, analyzes a variety of costs associated with cyberattacks to IT infrastructure, economic espionage, business disruption, ex-filtration of intellectual property and revenue losses. Data was collected from 2,182 interviews conducted over a ten-month period from a benchmark sample of 254 organizations in seven countries: the United States, United Kingdom, Australia, Germany, Japan, France and Italy. The financial services industry data was from 352 interviews from a benchmark sample of 42 financial services companies in those seven countries. The study represents the annualized cost of all cybercrime events and exploits experienced over a one-year period, including costs to detect, recover, investigate and manage the incident response. Also covered are costs that result in after-the-fact activities and efforts to contain additional expenses from business disruption and the loss of customers.

Accenture / Ponemon Institute Email to a colleague | Add to MY ITP

terms & conditions