February 12, 2015

10 Reasons Why Financial Services Companies Must Prioritize Information Security

"Cyber criminals go where the money is" begins a fact sheet published by telecommunications company Verizon Enterprise.  

And, it’s true. Financial services organizations such as banks, insurance companies, investment managers, and payment processors are common targets of hackers and information thieves.  

In fact, in 2013 up to 6% of the total estimated cybercrime revenue of $100 billion came from the coffers of the financial services industry, according to a whitepaper from data security company Vormetric.

Cost is just one of the reasons why companies in the financial services sector must prioritize data security in and out of the workplace. Here’s some food for thought:

  1. Higher than average cost per record. It costs financial sector companies $206 per lost or stolen record, according to Ponemon Institute’s 2014 Cost of Data Breach Study: Global Analysis. The average cost per lost or stolen record across all sectors in the study was $145.
  2. Churn rate. The financial services sector has the highest ‘churn’ rate (client turnover after a data breach occurs) of all sectors – in fact, 7.1% of clients leave, according to the 2014 Cost of Data Breach Study: U.S. by Ponemon. Industry experts suggest that many people expect their bank or investment company to do a better job at information security. When those expectations fall short, the client often leaves.
  3. It’s the law. The Gramm-Leach-Bliley Act (GLBA) directs the protection of consumer information (hard copy, electronic and on portable devices) in the financial services industry. The recommended safeguards include an information security policy, regular security audits, ongoing employee training in data security best practices, and document management from generation through secure destruction services when information is no longer needed.
  4. Savings. The Global Analysis Cost of Data Breach Study showed that having a strong security posture, incident response plan, and CISO in charge can reduce the cost per breached record.
  5. Customers’ rights. The law stipulates that financial companies explain their information sharing practices to customers and provide the opportunity for them to opt out.   
  6. Penalties. Non-compliance with the GLBA can result in imprisonment for up to five years, major fines (up to $100,000 for each violation), or both.
  7. Insiders. Vormetric’s research shows that even though the larger financial services firms have decent IT/security budgets and trained security staff, 41% still feel vulnerable to insider threats.
  8. Pretexting. Using forged or stolen documents to obtain personal information illegally from financial services organizations is thriving.  
  9. Card skimming. Illegal tampering with a card payment device is one of the three most common ‘patterns’ of attack by cyber criminals in the financial services sector, according to the 2014 Data Breach Investigations Report by Verizon. Card skimming accounted for 22% of all incidents in financial services.
  10. Cyber theft. The Verizon report showed that the top two ways cyber criminals attack financial services organizations are web application attacks, where attackers exploit vulnerabilities (accounting for 27%), and denial of service (DoS) attacks, where an organization’s systems and applications are besieged by malicious traffic (26%). Safeguards include all the latest prevention and detection tools as well as other data loss prevention measures.

How proactive is your company? These security solutions are tailored to financial sector organizations and can help reduce the risk of a costly data breach incident.