The financial services industry has been hit hard by data breaches this year. Perhaps the most notorious was the Equifax breach, from which the nation is still reeling. More than ever, financial firms need to protect themselves and their clients.
Aside from the public backlash, reputation damage and lost client trust, financial firms that experience a data breach face a myriad of costs, from forensics and breach notifications to lawsuits and settlement fees.
Below, we take a look at the cold hard numbers and how much a data breach can cost your firm. We go into the sources of breach, the average direct costs involved and the often-overlooked indirect costs.
If you think conducting an annual security analysis is expensive, compare it to the cost of a data breach. The average cost per record breached in the financial services industry is $336 – second only to a healthcare record, which is $380. Industries outside of finance and healthcare experience a cost of about $225 per record breached.
Financial records are highly valuable to hackers because the data is not easily changed by the client. For instance, breached data often includes names, addresses, dates of birth, social security numbers and banking information. This data typically follows a person through their whole life, making it highly valuable.
This year, the average total cost of a data breach hit an all-time high – $7.35 million.
In 2016, cybersecurity attacks hit 87 percent of organizations. Further, 24 percent of breaches affected financial organizations. These attacks were successful because of insider error or wrongdoing (41 percent) and cybersecurity threats like hacking, malware, and ransomware (32 percent).
If you think data breaches only happen at large organizations like Equifax, think again. Of the data breach victims in 2016, 61 percent had fewer than 1,000 employees.
So, what factors decrease (or increase) the cost of a breach?
- Decrease
  - Insurance protection
  - Appointed Chief Information Security Officer
  - Extensive use of encryption
- Increase
  - Rushing to notify affected users
  - Lost or stolen devices
  - Extensive use of mobile platforms
  - Compliance failures
The average breach costs an organization $7.35 million. Here’s how those costs break down:
- Investigations and Forensics: $1.17 million
- Audit and consulting services: $294,000
- Outbound contact costs: $220,500
- Inbound contact costs: $294,000
- Public relations: $73,500
- Legal – defense: $1.2 million
- Legal – compliance: $220,500
- Free or discounted services: $73,500
- Identity protection services: $147,000
- Lost customer business: $3.01 million
- Customer acquisition costs: $588,000
That’s in addition to the indirect costs like:
- Loss of consumer confidence
- Firm reputation
- Client turnover (the financial industry experiences the highest client churn rate after a data breach)
- Loss of brand value
- Employee morale
Protecting your firm is crucial. Implementing these controls will mitigate your practice’s vulnerability:
Administrative controls:
- Conduct regular user training
- Hire a dedicated security officer
- Employ and enforce Bring Your Own Device (BYOD) policies
- Enforce password policies (80 percent of hacking-related breaches leveraged stolen and/or weak, guessable passwords)
- Conduct extensive due diligence on third-party vendors
Technical controls:
- Always patch and update systems
- Automate your disaster recovery process
- Use anti-virus software
- Enforce a software restriction policy
- Implement application and internet whitelisting
Unfortunately, financial services firms have a target on their back when it comes to cyberattacks. Know your vulnerabilities, be proactive about protecting your firm and be vigilant when it comes to user training.